Reformat wv core/src files

[ Merge of http://go/wvgerrit/80484 ] Clang-format has been run on files in core/src. clang-format has been turned off for some blocks but otherwise no other changes have been made. Bug: 134365840 Test: WV unit/integration tests Change-Id: I6e509f25136f84d37de3d920084302f0f2c23dc4
2019-06-03 17:14:18 -07:00
parent 47c2068d6a
commit a178eed57d
20 changed files with 713 additions and 760 deletions
--- a/libwvdrmengine/cdm/core/src/buffer_reader.cpp
+++ b/libwvdrmengine/cdm/core/src/buffer_reader.cpp
@@ -11,13 +11,15 @@ namespace wvcdm {
 bool BufferReader::Read1(uint8_t* v) {
  if (v == NULL) {
-    LOGE("BufferReader::Read1 : Failure during parse: Null output parameter "
+    LOGE(
        "BufferReader::Read1 : Failure during parse: Null output parameter "
        "when expecting non-null");
    return false;
  }
  if (!HasBytes(1)) {
-    LOGV("BufferReader::Read1 : Failure while parsing: "
+    LOGV(
        "BufferReader::Read1 : Failure while parsing: "
        "Not enough bytes (1)");
    return false;
  }
@@ -30,14 +32,18 @@ bool BufferReader::Read1(uint8_t* v) {
 template <typename T>
 bool BufferReader::Read(T* v) {
  if (v == NULL) {
-    LOGE("BufferReader::Read<T> : Failure during parse: Null output parameter "
+    LOGE(
-         "when expecting non-null (%s)", __PRETTY_FUNCTION__);
+        "BufferReader::Read<T> : Failure during parse: Null output parameter "
        "when expecting non-null (%s)",
        __PRETTY_FUNCTION__);
    return false;
  }
  if (!HasBytes(sizeof(T))) {
-    LOGV("BufferReader::Read<T> : Failure during parse: "
+    LOGV(
-         "Not enough bytes (%u)", sizeof(T));
+        "BufferReader::Read<T> : Failure during parse: "
        "Not enough bytes (%u)",
        sizeof(T));
    return false;
  }
@@ -59,14 +65,17 @@ bool BufferReader::Read8s(int64_t* v) { return Read(v); }
 bool BufferReader::ReadString(std::string* str, size_t count) {
  if (str == NULL) {
-    LOGE("BufferReader::ReadString : Failure during parse: Null output "
+    LOGE(
        "BufferReader::ReadString : Failure during parse: Null output "
        "parameter when expecting non-null");
    return false;
  }
  if (!HasBytes(count)) {
-    LOGV("BufferReader::ReadString : Parse Failure: "
+    LOGV(
-         "Not enough bytes (%d)", count);
+        "BufferReader::ReadString : Parse Failure: "
        "Not enough bytes (%d)",
        count);
    return false;
  }
@@ -77,14 +86,17 @@ bool BufferReader::ReadString(std::string* str, size_t count) {
 bool BufferReader::ReadVec(std::vector<uint8_t>* vec, size_t count) {
  if (vec == NULL) {
-    LOGE("BufferReader::ReadVec : Failure during parse: Null output parameter "
+    LOGE(
        "BufferReader::ReadVec : Failure during parse: Null output parameter "
        "when expecting non-null");
    return false;
  }
  if (!HasBytes(count)) {
-    LOGV("BufferReader::ReadVec : Parse Failure: "
+    LOGV(
-         "Not enough bytes (%d)", count);
+        "BufferReader::ReadVec : Parse Failure: "
        "Not enough bytes (%d)",
        count);
    return false;
  }
@@ -96,8 +108,10 @@ bool BufferReader::ReadVec(std::vector<uint8_t>* vec, size_t count) {
 bool BufferReader::SkipBytes(size_t bytes) {
  if (!HasBytes(bytes)) {
-    LOGV("BufferReader::SkipBytes : Parse Failure: "
+    LOGV(
-         "Not enough bytes (%d)", bytes);
+        "BufferReader::SkipBytes : Parse Failure: "
        "Not enough bytes (%d)",
        bytes);
    return false;
  }
@@ -107,7 +121,8 @@ bool BufferReader::SkipBytes(size_t bytes) {
 bool BufferReader::Read4Into8(uint64_t* v) {
  if (v == NULL) {
-    LOGE("BufferReader::Read4Into8 : Failure during parse: Null output "
+    LOGE(
        "BufferReader::Read4Into8 : Failure during parse: Null output "
        "parameter when expecting non-null");
    return false;
  }
@@ -122,7 +137,8 @@ bool BufferReader::Read4Into8(uint64_t* v) {
 bool BufferReader::Read4sInto8s(int64_t* v) {
  if (v == NULL) {
-    LOGE("BufferReader::Read4sInto8s : Failure during parse: Null output "
+    LOGE(
        "BufferReader::Read4sInto8s : Failure during parse: Null output "
        "parameter when expecting non-null");
    return false;
  }
--- a/libwvdrmengine/cdm/core/src/cdm_engine.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_engine.cpp
@@ -96,22 +96,26 @@ CdmEngine::~CdmEngine() {
  session_map_.Terminate();
 }
-CdmResponseType CdmEngine::OpenSession(
+CdmResponseType CdmEngine::OpenSession(const CdmKeySystem& key_system,
-    const CdmKeySystem& key_system, CdmClientPropertySet* property_set,
+                                       CdmClientPropertySet* property_set,
-    const CdmSessionId& forced_session_id, WvCdmEventListener* event_listener) {
+                                       const CdmSessionId& forced_session_id,
                                       WvCdmEventListener* event_listener) {
  return OpenSession(key_system, property_set, event_listener,
                     &forced_session_id, NULL);
 }
-CdmResponseType CdmEngine::OpenSession(
+CdmResponseType CdmEngine::OpenSession(const CdmKeySystem& key_system,
-    const CdmKeySystem& key_system, CdmClientPropertySet* property_set,
+                                       CdmClientPropertySet* property_set,
-    WvCdmEventListener* event_listener, CdmSessionId* session_id) {
+                                       WvCdmEventListener* event_listener,
-  return OpenSession(key_system, property_set, event_listener, NULL, session_id);
+                                       CdmSessionId* session_id) {
  return OpenSession(key_system, property_set, event_listener, NULL,
                     session_id);
 }
-CdmResponseType CdmEngine::OpenSession(
+CdmResponseType CdmEngine::OpenSession(const CdmKeySystem& key_system,
-    const CdmKeySystem& key_system, CdmClientPropertySet* property_set,
+                                       CdmClientPropertySet* property_set,
-    WvCdmEventListener* event_listener, const CdmSessionId* forced_session_id,
+                                       WvCdmEventListener* event_listener,
                                       const CdmSessionId* forced_session_id,
                                       CdmSessionId* session_id) {
  LOGI("CdmEngine::OpenSession");
@@ -135,15 +139,14 @@ CdmResponseType CdmEngine::OpenSession(
  std::unique_ptr<CdmSession> new_session(
      new CdmSession(file_system_, metrics_->AddSession()));
-  CdmResponseType sts = new_session->Init(property_set, forced_session_id,
+  CdmResponseType sts =
-                                          event_listener);
+      new_session->Init(property_set, forced_session_id, event_listener);
  if (sts != NO_ERROR) {
    if (sts == NEED_PROVISIONING) {
      cert_provisioning_requested_security_level_ =
          new_session->GetRequestedSecurityLevel();
      // Reserve a session ID so the CDM can return success.
-      if (session_id)
+      if (session_id) *session_id = new_session->GenerateSessionId();
        *session_id = new_session->GenerateSessionId();
    } else {
      LOGE("CdmEngine::OpenSession: bad session init: %d", sts);
    }
@@ -176,8 +179,7 @@ CdmResponseType CdmEngine::OpenKeySetSession(
    key_set_in_use =
        release_key_sets_.find(key_set_id) != release_key_sets_.end();
  }
-  if (key_set_in_use)
+  if (key_set_in_use) CloseKeySetSession(key_set_id);
    CloseKeySetSession(key_set_id);
  CdmSessionId session_id;
  CdmResponseType sts = OpenSession(KEY_SYSTEM, property_set, event_listener,
@@ -186,8 +188,8 @@ CdmResponseType CdmEngine::OpenKeySetSession(
  if (sts != NO_ERROR) return sts;
  std::unique_lock<std::mutex> lock(release_key_sets_lock_);
-  release_key_sets_[key_set_id] = std::make_pair(session_id,
+  release_key_sets_[key_set_id] = std::make_pair(
-      clock_.GetCurrentTime() + kReleaseSessionTimeToLive);
+      session_id, clock_.GetCurrentTime() + kReleaseSessionTimeToLive);
  return NO_ERROR;
 }
@@ -283,16 +285,17 @@ CdmResponseType CdmEngine::GenerateKeyRequest(
  key_request->message.clear();
-  if (license_type == kLicenseTypeRelease &&
+  if (license_type == kLicenseTypeRelease && !session->license_received()) {
      !session->license_received()) {
    int error_detail = NO_ERROR;
    sts = session->RestoreOfflineSession(key_set_id, kLicenseTypeRelease,
                                         &error_detail);
    session->GetMetrics()->cdm_session_restore_offline_session_.Increment(
        sts, error_detail);
    if (sts != KEY_ADDED) {
-      LOGE("CdmEngine::GenerateKeyRequest: key release restoration failed,"
+      LOGE(
-           "sts = %d", static_cast<int>(sts));
+          "CdmEngine::GenerateKeyRequest: key release restoration failed,"
          "sts = %d",
          static_cast<int>(sts));
      return sts;
    }
  }
@@ -307,8 +310,10 @@ CdmResponseType CdmEngine::GenerateKeyRequest(
      cert_provisioning_requested_security_level_ =
          session->GetRequestedSecurityLevel();
    }
-    LOGE("CdmEngine::GenerateKeyRequest: key request generation failed, "
+    LOGE(
-         "sts = %d", static_cast<int>(sts));
+        "CdmEngine::GenerateKeyRequest: key request generation failed, "
        "sts = %d",
        static_cast<int>(sts));
    return sts;
  }
@@ -364,7 +369,6 @@ CdmResponseType CdmEngine::AddKey(const CdmSessionId& session_id,
    return EMPTY_KEY_DATA_1;
  }
  CdmResponseType sts = (session->AddKey(key_data));
  if (sts == KEY_ADDED) {
@@ -380,8 +384,8 @@ CdmResponseType CdmEngine::AddKey(const CdmSessionId& session_id,
  }
  if (key_set_id) {
-    if ((session->is_offline() ||
+    if ((session->is_offline() || session->has_provider_session_token()) &&
-         session->has_provider_session_token()) && !license_type_release) {
+        !license_type_release) {
      *key_set_id = session->key_set_id();
      LOGI("CdmEngine::AddKey: key set ID: %s", key_set_id->c_str());
    } else {
@@ -508,12 +512,8 @@ CdmResponseType CdmEngine::RenewKey(const CdmSessionId& session_id,
  }
  CdmResponseType sts;
-  M_TIME(
+  M_TIME(sts = session->RenewKey(key_data), session->GetMetrics(),
-      sts = session->RenewKey(
+         cdm_session_renew_key_, sts);
          key_data),
      session->GetMetrics(),
      cdm_session_renew_key_,
      sts);
  if (KEY_ADDED != sts) {
    LOGE("CdmEngine::RenewKey: keys not added, sts=%d", static_cast<int>(sts));
@@ -571,24 +571,23 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
      LOGW("CdmEngine::QueryStatus: GetHdcpCapabilities failed: %d", status);
      return status;
    }
-    *query_response =
+    *query_response = MapHdcpVersion(
-        MapHdcpVersion(query_token == QUERY_KEY_CURRENT_HDCP_LEVEL ?
+        query_token == QUERY_KEY_CURRENT_HDCP_LEVEL ? current_hdcp : max_hdcp);
                       current_hdcp : max_hdcp);
    return NO_ERROR;
  } else if (query_token == QUERY_KEY_USAGE_SUPPORT) {
    bool supports_usage_reporting;
    bool got_info = crypto_session->UsageInformationSupport(
-        security_level,
+        security_level, &supports_usage_reporting);
        &supports_usage_reporting);
    if (!got_info) {
      LOGW("CdmEngine::QueryStatus: UsageInformationSupport failed");
-      metrics_->GetCryptoMetrics()->crypto_session_usage_information_support_
+      metrics_->GetCryptoMetrics()
-          .SetError(got_info);
+          ->crypto_session_usage_information_support_.SetError(got_info);
      return UNKNOWN_ERROR;
    }
-    metrics_->GetCryptoMetrics()->crypto_session_usage_information_support_
+    metrics_->GetCryptoMetrics()
-        .Record(supports_usage_reporting);
+        ->crypto_session_usage_information_support_.Record(
            supports_usage_reporting);
    *query_response =
        supports_usage_reporting ? QUERY_VALUE_TRUE : QUERY_VALUE_FALSE;
@@ -607,9 +606,8 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
    return NO_ERROR;
  } else if (query_token == QUERY_KEY_MAX_NUMBER_OF_SESSIONS) {
    size_t maximum_number_of_sessions = 0;
-    status =
+    status = crypto_session->GetMaxNumberOfSessions(
-        crypto_session->GetMaxNumberOfSessions(security_level,
+        security_level, &maximum_number_of_sessions);
                                               &maximum_number_of_sessions);
    if (status != NO_ERROR) {
      LOGW("CdmEngine::QueryStatus: GetMaxNumberOfOpenSessions failed: %d",
@@ -671,17 +669,13 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
    }
    return NO_ERROR;
  } else if (query_token == QUERY_KEY_DECRYPT_HASH_SUPPORT) {
-    *query_response = std::to_string(crypto_session->IsDecryptHashSupported(
+    *query_response =
-        security_level));
+        std::to_string(crypto_session->IsDecryptHashSupported(security_level));
    return NO_ERROR;
  }
-  M_TIME(
+  M_TIME(status = crypto_session->Open(security_level),
-      status = crypto_session->Open(
+         metrics_->GetCryptoMetrics(), crypto_session_open_, status,
          security_level),
      metrics_->GetCryptoMetrics(),
      crypto_session_open_,
      status,
         security_level);
  if (status != NO_ERROR) return status;
@@ -690,8 +684,8 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
  if (query_token == QUERY_KEY_DEVICE_ID) {
    std::string deviceId;
    status = crypto_session->GetExternalDeviceUniqueId(&deviceId);
-    metrics_->GetCryptoMetrics()->crypto_session_get_device_unique_id_
+    metrics_->GetCryptoMetrics()
-        .Increment(status);
+        ->crypto_session_get_device_unique_id_.Increment(status);
    if (status != NO_ERROR) return status;
    *query_response = deviceId;
@@ -800,8 +794,8 @@ CdmResponseType CdmEngine::QueryKeyAllowedUsage(const std::string& key_id,
  CdmSessionList sessions;
  session_map_.GetSessionList(sessions);
-  for (CdmSessionList::iterator iter = sessions.begin();
+  for (CdmSessionList::iterator iter = sessions.begin(); iter != sessions.end();
-       iter != sessions.end(); ++iter) {
+       ++iter) {
    session_sts = (*iter)->QueryKeyAllowedUsage(key_id, &found_in_this_session);
    if (session_sts == NO_ERROR) {
      if (found) {
@@ -844,8 +838,8 @@ bool CdmEngine::IsSecurityLevelSupported(CdmSecurityLevel level) {
  switch (level) {
    case kSecurityLevelL1:
-      return
+      return crypto_session->GetSecurityLevel(kLevelDefault) ==
-          crypto_session->GetSecurityLevel(kLevelDefault) == kSecurityLevelL1;
+             kSecurityLevelL1;
    case kSecurityLevelL3:
      return crypto_session->GetSecurityLevel(kLevel3) == kSecurityLevelL3;
    default:
@@ -917,7 +911,8 @@ CdmResponseType CdmEngine::HandleProvisioningResponse(
    return INVALID_PROVISIONING_PARAMETERS_1;
  }
  if (wrapped_key == NULL) {
-    LOGE("CdmEngine::HandleProvisioningResponse: invalid wrapped key "
+    LOGE(
        "CdmEngine::HandleProvisioningResponse: invalid wrapped key "
        "destination");
    cert_provisioning_.reset(NULL);
    return INVALID_PROVISIONING_PARAMETERS_2;
@@ -928,12 +923,9 @@ CdmResponseType CdmEngine::HandleProvisioningResponse(
    std::unique_ptr<CryptoSession> crypto_session(
        CryptoSession::MakeCryptoSession(metrics_->GetCryptoMetrics()));
    CdmResponseType status;
-    M_TIME(
+    M_TIME(status = crypto_session->Open(
        status = crypto_session->Open(
               cert_provisioning_requested_security_level_),
-        metrics_->GetCryptoMetrics(),
+           metrics_->GetCryptoMetrics(), crypto_session_open_, status,
        crypto_session_open_,
        status,
           cert_provisioning_requested_security_level_);
    if (NO_ERROR != status) {
      LOGE(
@@ -1020,14 +1012,9 @@ CdmResponseType CdmEngine::DeleteUsageTable(CdmSecurityLevel security_level) {
  std::unique_ptr<CryptoSession> crypto_session(
      CryptoSession::MakeCryptoSession(metrics_->GetCryptoMetrics()));
  CdmResponseType status;
-  M_TIME(
+  M_TIME(status = crypto_session->Open(
-      status = crypto_session->Open(
+             security_level == kSecurityLevelL3 ? kLevel3 : kLevelDefault),
-          security_level == kSecurityLevelL3 ?
+         metrics_->GetCryptoMetrics(), crypto_session_open_, status,
              kLevel3 :
              kLevelDefault),
      metrics_->GetCryptoMetrics(),
      crypto_session_open_,
      status,
         security_level == kSecurityLevelL3 ? kLevel3 : kLevelDefault);
  if (NO_ERROR != status) {
    LOGE("CdmEngine::DeleteUsageTable: error opening crypto session: %d",
@@ -1035,8 +1022,8 @@ CdmResponseType CdmEngine::DeleteUsageTable(CdmSecurityLevel security_level) {
    return UNPROVISION_ERROR_4;
  }
  status = crypto_session->DeleteAllUsageReports();
-  metrics_->GetCryptoMetrics()->crypto_session_delete_all_usage_reports_
+  metrics_->GetCryptoMetrics()
-      .Increment(status);
+      ->crypto_session_delete_all_usage_reports_.Increment(status);
  if (status != NO_ERROR) {
    LOGE("CdmEngine::DeleteUsageTable: error deleteing usage reports: %d",
         status);
@@ -1063,8 +1050,7 @@ CdmResponseType CdmEngine::ListStoredLicenses(
 }
 CdmResponseType CdmEngine::ListUsageIds(
-    const std::string& app_id,
+    const std::string& app_id, CdmSecurityLevel security_level,
    CdmSecurityLevel security_level,
    std::vector<std::string>* ksids,
    std::vector<std::string>* provider_session_tokens) {
  DeviceFiles handle(file_system_);
@@ -1105,8 +1091,7 @@ CdmResponseType CdmEngine::DeleteUsageRecord(const std::string& app_id,
 }
 CdmResponseType CdmEngine::GetOfflineLicenseState(
-    const CdmKeySetId &key_set_id,
+    const CdmKeySetId& key_set_id, CdmSecurityLevel security_level,
    CdmSecurityLevel security_level,
    CdmOfflineLicenseState* license_state) {
  DeviceFiles handle(file_system_);
  if (!handle.Init(security_level)) {
@@ -1132,16 +1117,16 @@ CdmResponseType CdmEngine::GetOfflineLicenseState(
  uint32_t usage_entry_number;
  DeviceFiles::ResponseType sub_error_code = DeviceFiles::kNoError;
-  if (handle.RetrieveLicense(key_set_id, &state, &offline_init_data,
+  if (handle.RetrieveLicense(
-          &key_request, &key_response,
+          key_set_id, &state, &offline_init_data, &key_request, &key_response,
          &offline_key_renewal_request, &offline_key_renewal_response,
-          &offline_release_server_url,
+          &offline_release_server_url, &playback_start_time,
-          &playback_start_time, &last_playback_time, &grace_period_end_time,
+          &last_playback_time, &grace_period_end_time, &app_parameters,
-          &app_parameters, &usage_entry, &usage_entry_number,
+          &usage_entry, &usage_entry_number, &sub_error_code)) {
          &sub_error_code)) {
    *license_state = MapDeviceFilesLicenseState(state);
  } else {
-    LOGE("CdmEngine::GetOfflineLicenseState:: failed to retrieve license state "
+    LOGE(
        "CdmEngine::GetOfflineLicenseState:: failed to retrieve license state "
        "key set id = %s",
        key_set_id.c_str());
    return GET_OFFLINE_LICENSE_STATE_ERROR_2;
@@ -1150,15 +1135,13 @@ CdmResponseType CdmEngine::GetOfflineLicenseState(
 }
 CdmResponseType CdmEngine::RemoveOfflineLicense(
-    const CdmKeySetId &key_set_id,
+    const CdmKeySetId& key_set_id, CdmSecurityLevel security_level) {
    CdmSecurityLevel security_level) {
  UsagePropertySet property_set;
  property_set.set_security_level(
      security_level == kSecurityLevelL3 ? kLevel3 : kLevelDefault);
  DeviceFiles handle(file_system_);
-  CdmResponseType sts = OpenKeySetSession(key_set_id,
+  CdmResponseType sts = OpenKeySetSession(key_set_id, &property_set,
-      &property_set, nullptr /* event listener */);
+                                          nullptr /* event listener */);
  if (sts != NO_ERROR) {
    if (!handle.Init(security_level)) {
      LOGE("CdmEngine::RemoveOfflineLicense: cannot initialize device files");
@@ -1226,8 +1209,8 @@ CdmResponseType CdmEngine::GetUsageInfo(const std::string& app_id,
  CdmKeyResponse license_response;
  std::string usage_entry;
  DeviceFiles::CdmUsageData usage_data;
-  if (!handle.RetrieveUsageInfo(DeviceFiles::GetUsageInfoFileName(app_id),
+  if (!handle.RetrieveUsageInfo(DeviceFiles::GetUsageInfoFileName(app_id), ssid,
-                                ssid, &usage_data)) {
+                                &usage_data)) {
    usage_property_set_->set_security_level(kLevel3);
    usage_property_set_->set_app_id(app_id);
    usage_session_.reset(new CdmSession(file_system_, metrics_->AddSession()));
@@ -1376,8 +1359,8 @@ CdmResponseType CdmEngine::GetUsageInfo(const std::string& app_id,
 CdmResponseType CdmEngine::RemoveAllUsageInfo(
    const std::string& app_id, CdmSecurityLevel cdm_security_level) {
-  LOGI("CdmEngine::RemoveAllUsageInfo: %s, security level: %d",
+  LOGI("CdmEngine::RemoveAllUsageInfo: %s, security level: %d", app_id.c_str(),
-       app_id.c_str(), cdm_security_level);
+       cdm_security_level);
  if (usage_property_set_.get() == nullptr) {
    usage_property_set_.reset(new UsagePropertySet());
  }
@@ -1400,9 +1383,9 @@ CdmResponseType CdmEngine::RemoveAllUsageInfo(
        // might cause other entries to be shifted and information updated.
        do {
          if (!handle.RetrieveUsageInfo(
-              DeviceFiles::GetUsageInfoFileName(app_id),
+                  DeviceFiles::GetUsageInfoFileName(app_id), &usage_data)) {
-              &usage_data)) {
+            LOGW(
-            LOGW("CdmEngine::RemoveAllUsageInfo: failed to retrieve usage info");
+                "CdmEngine::RemoveAllUsageInfo: failed to retrieve usage info");
            break;
          }
@@ -1412,15 +1395,17 @@ CdmResponseType CdmEngine::RemoveAllUsageInfo(
              usage_data[0].usage_entry_number);
          if (res != NO_ERROR) {
-            LOGW("CdmEngine::RemoveAllUsageInfo: failed to delete usage "
+            LOGW(
-                 "entry: error: %d", res);
+                "CdmEngine::RemoveAllUsageInfo: failed to delete usage "
                "entry: error: %d",
                res);
            break;
          }
-          if (!handle.DeleteUsageInfo(
+          if (!handle.DeleteUsageInfo(DeviceFiles::GetUsageInfoFileName(app_id),
              DeviceFiles::GetUsageInfoFileName(app_id),
                                      usage_data[0].provider_session_token)) {
-            LOGW("CdmEngine::RemoveAllUsageInfo: failed to delete usage "
+            LOGW(
                "CdmEngine::RemoveAllUsageInfo: failed to delete usage "
                "info");
            break;
          }
@@ -1439,12 +1424,15 @@ CdmResponseType CdmEngine::RemoveAllUsageInfo(
        if (!handle.DeleteAllUsageInfoForApp(
                DeviceFiles::GetUsageInfoFileName(app_id),
                &provider_session_tokens)) {
-          LOGE("CdmEngine::RemoveAllUsageInfo: failed to delete %d secure"
+          LOGE(
-              "stops", cdm_security_level);
+              "CdmEngine::RemoveAllUsageInfo: failed to delete %d secure"
              "stops",
              cdm_security_level);
          status = REMOVE_ALL_USAGE_INFO_ERROR_1;
        } else {
-          CdmResponseType status2 = usage_session_->
+          CdmResponseType status2 =
-              DeleteMultipleUsageInformation(provider_session_tokens);
+              usage_session_->DeleteMultipleUsageInformation(
                  provider_session_tokens);
          if (status2 != NO_ERROR) status = status2;
        }
        break;
@@ -1468,8 +1456,7 @@ CdmResponseType CdmEngine::RemoveAllUsageInfo(const std::string& app_id) {
 }
 CdmResponseType CdmEngine::RemoveUsageInfo(
-    const std::string& app_id,
+    const std::string& app_id, const CdmSecureStopId& provider_session_token) {
    const CdmSecureStopId& provider_session_token) {
  LOGI("CdmEngine::RemoveUsageInfo: %s, PST: %s", app_id.c_str(),
       provider_session_token.c_str());
  if (NULL == usage_property_set_.get()) {
@@ -1482,11 +1469,11 @@ CdmResponseType CdmEngine::RemoveUsageInfo(
    DeviceFiles handle(file_system_);
    if (handle.Init(static_cast<CdmSecurityLevel>(j))) {
      SecurityLevel security_level =
-          static_cast<CdmSecurityLevel>(j) == kSecurityLevelL3
+          static_cast<CdmSecurityLevel>(j) == kSecurityLevelL3 ? kLevel3
              ? kLevel3
                                                               : kLevelDefault;
      usage_property_set_->set_security_level(security_level);
-      usage_session_.reset(new CdmSession(file_system_, metrics_->AddSession()));
+      usage_session_.reset(
          new CdmSession(file_system_, metrics_->AddSession()));
      usage_session_->Init(usage_property_set_.get());
      std::vector<DeviceFiles::CdmUsageData> usage_data;
@@ -1495,9 +1482,9 @@ CdmResponseType CdmEngine::RemoveUsageInfo(
      CdmUsageEntry usage_entry;
      uint32_t usage_entry_number;
-      if (!handle.RetrieveUsageInfo(
+      if (!handle.RetrieveUsageInfo(DeviceFiles::GetUsageInfoFileName(app_id),
-          DeviceFiles::GetUsageInfoFileName(app_id), provider_session_token,
+                                    provider_session_token, &license_request,
-          &license_request, &license_response, &usage_entry,
+                                    &license_response, &usage_entry,
                                    &usage_entry_number)) {
        // Try other security level
        continue;
@@ -1507,8 +1494,7 @@ CdmResponseType CdmEngine::RemoveUsageInfo(
        case kUsageEntrySupport: {
          status = usage_session_->DeleteUsageEntry(usage_entry_number);
-          if (!handle.DeleteUsageInfo(
+          if (!handle.DeleteUsageInfo(DeviceFiles::GetUsageInfoFileName(app_id),
                DeviceFiles::GetUsageInfoFileName(app_id),
                                      provider_session_token)) {
            status = REMOVE_USAGE_INFO_ERROR_1;
          }
@@ -1517,14 +1503,14 @@ CdmResponseType CdmEngine::RemoveUsageInfo(
        }
        case kUsageTableSupport: {
          std::vector<std::string> provider_session_tokens;
-          handle.DeleteUsageInfo(
+          handle.DeleteUsageInfo(DeviceFiles::GetUsageInfoFileName(app_id),
              DeviceFiles::GetUsageInfoFileName(app_id),
                                 provider_session_token);
          std::unique_ptr<CryptoSession> crypto_session(
              CryptoSession::MakeCryptoSession(metrics_->GetCryptoMetrics()));
-          status = crypto_session->Open(
+          status = crypto_session->Open(static_cast<CdmSecurityLevel>(j) ==
-              static_cast<CdmSecurityLevel>(j) == kSecurityLevelL3
+                                                kSecurityLevelL3
-              ? kLevel3 : kLevelDefault);
+                                            ? kLevel3
                                            : kLevelDefault);
          if (status == NO_ERROR) {
            crypto_session->UpdateUsageInformation();
            status =
@@ -1599,8 +1585,7 @@ CdmResponseType CdmEngine::LoadUsageSession(const CdmKeySetId& key_set_id,
  DeviceFiles::CdmUsageData usage_data;
  if (!handle.RetrieveUsageInfoByKeySetId(
          DeviceFiles::GetUsageInfoFileName(app_id), key_set_id,
-                  &(usage_data.provider_session_token),
+          &(usage_data.provider_session_token), &(usage_data.license_request),
                  &(usage_data.license_request),
          &(usage_data.license), &(usage_data.usage_entry),
          &(usage_data.usage_entry_number))) {
    LOGE("CdmEngine::LoadUsageSession: unable to find usage information");
@@ -1609,8 +1594,8 @@ CdmResponseType CdmEngine::LoadUsageSession(const CdmKeySetId& key_set_id,
  int error_detail = NO_ERROR;
  usage_data.key_set_id = key_set_id;
-  CdmResponseType status = session->RestoreUsageSession(usage_data,
+  CdmResponseType status =
-                                                        &error_detail);
+      session->RestoreUsageSession(usage_data, &error_detail);
  session->GetMetrics()->cdm_session_restore_usage_session_.Increment(
      status, error_detail);
  if (KEY_ADDED != status) {
@@ -1698,10 +1683,12 @@ CdmResponseType CdmEngine::Decrypt(const CdmSessionId& session_id,
  return session->Decrypt(parameters);
 }
-CdmResponseType CdmEngine::GenericEncrypt(
+CdmResponseType CdmEngine::GenericEncrypt(const std::string& session_id,
-      const std::string& session_id, const std::string& in_buffer,
+                                          const std::string& in_buffer,
-      const std::string& key_id, const std::string& iv,
+                                          const std::string& key_id,
-      CdmEncryptionAlgorithm algorithm, std::string* out_buffer) {
+                                          const std::string& iv,
                                          CdmEncryptionAlgorithm algorithm,
                                          std::string* out_buffer) {
  if (out_buffer == NULL) {
    LOGE("CdmEngine::GenericEncrypt: no out_buffer provided");
    return PARAMETER_NULL;
@@ -1715,9 +1702,10 @@ CdmResponseType CdmEngine::GenericEncrypt(
  return session->GenericEncrypt(in_buffer, key_id, iv, algorithm, out_buffer);
 }
-CdmResponseType CdmEngine::GenericDecrypt(
+CdmResponseType CdmEngine::GenericDecrypt(const std::string& session_id,
-      const std::string& session_id, const std::string& in_buffer,
+                                          const std::string& in_buffer,
-      const std::string& key_id, const std::string& iv,
+                                          const std::string& key_id,
                                          const std::string& iv,
                                          CdmEncryptionAlgorithm algorithm,
                                          std::string* out_buffer) {
  if (out_buffer == NULL) {
@@ -1733,9 +1721,10 @@ CdmResponseType CdmEngine::GenericDecrypt(
  return session->GenericDecrypt(in_buffer, key_id, iv, algorithm, out_buffer);
 }
-CdmResponseType CdmEngine::GenericSign(
+CdmResponseType CdmEngine::GenericSign(const std::string& session_id,
-    const std::string& session_id, const std::string& message,
+                                       const std::string& message,
-    const std::string& key_id, CdmSigningAlgorithm algorithm,
+                                       const std::string& key_id,
                                       CdmSigningAlgorithm algorithm,
                                       std::string* signature) {
  if (signature == NULL) {
    LOGE("CdmEngine::GenericSign: no signature buffer provided");
@@ -1750,9 +1739,10 @@ CdmResponseType CdmEngine::GenericSign(
  return session->GenericSign(message, key_id, algorithm, signature);
 }
-CdmResponseType CdmEngine::GenericVerify(
+CdmResponseType CdmEngine::GenericVerify(const std::string& session_id,
-    const std::string& session_id, const std::string& message,
+                                         const std::string& message,
-    const std::string& key_id, CdmSigningAlgorithm algorithm,
+                                         const std::string& key_id,
                                         CdmSigningAlgorithm algorithm,
                                         const std::string& signature) {
  std::shared_ptr<CdmSession> session;
  if (!session_map_.FindSession(session_id, &session)) {
@@ -1764,10 +1754,8 @@ CdmResponseType CdmEngine::GenericVerify(
 }
 CdmResponseType CdmEngine::ParseDecryptHashString(
-    const std::string& hash_string,
+    const std::string& hash_string, CdmSessionId* session_id,
-    CdmSessionId* session_id,
+    uint32_t* frame_number, std::string* hash) {
    uint32_t* frame_number,
    std::string* hash) {
  if (session_id == nullptr) {
    LOGE("CdmEngine::ParseDecryptHashString: |session_id| was not provided");
    return PARAMETER_NULL;
@@ -1788,7 +1776,8 @@ CdmResponseType CdmEngine::ParseDecryptHashString(
    tokens.push_back(token);
  }
  if (tokens.size() != 3) {
-    LOGE("CdmEngine::ParseDecryptHashString: |hash_string| has invalid format, "
+    LOGE(
        "CdmEngine::ParseDecryptHashString: |hash_string| has invalid format, "
        "unexpected number of tokens: %d (%s)",
        tokens.size(), hash_string.c_str());
    return INVALID_DECRYPT_HASH_FORMAT;
@@ -1796,8 +1785,10 @@ CdmResponseType CdmEngine::ParseDecryptHashString(
  for (size_t i = 0; i < tokens.size(); ++i) {
    if (tokens[i].empty()) {
-      LOGE("CdmEngine::ParseDecryptHashString: |hash_string| has invalid "
+      LOGE(
-           "format, token %d of length 0: %s", i, hash_string.c_str());
+          "CdmEngine::ParseDecryptHashString: |hash_string| has invalid "
          "format, token %d of length 0: %s",
          i, hash_string.c_str());
      return INVALID_DECRYPT_HASH_FORMAT;
    }
  }
@@ -1805,8 +1796,10 @@ CdmResponseType CdmEngine::ParseDecryptHashString(
  *session_id = tokens[0];
  std::istringstream iss(tokens[1]);
  if (!(iss >> *frame_number)) {
-    LOGE("CdmEngine::ParseDecryptHashString: error while trying to convert "
+    LOGE(
-         "frame number to a numeric format: %s", hash_string.c_str());
+        "CdmEngine::ParseDecryptHashString: error while trying to convert "
        "frame number to a numeric format: %s",
        hash_string.c_str());
    return INVALID_DECRYPT_HASH_FORMAT;
  }
@@ -1820,8 +1813,7 @@ CdmResponseType CdmEngine::ParseDecryptHashString(
  return NO_ERROR;
 }
-CdmResponseType CdmEngine::SetDecryptHash(
+CdmResponseType CdmEngine::SetDecryptHash(const CdmSessionId& session_id,
    const CdmSessionId& session_id,
                                          uint32_t frame_number,
                                          const std::string& hash) {
  LOGI("CdmEngine::SetDecryptHash: %s", session_id.c_str());
@@ -1832,8 +1824,7 @@ CdmResponseType CdmEngine::SetDecryptHash(
  return session->SetDecryptHash(frame_number, hash);
 }
-CdmResponseType CdmEngine::GetDecryptHashError(
+CdmResponseType CdmEngine::GetDecryptHashError(const CdmSessionId& session_id,
    const CdmSessionId& session_id,
                                               std::string* error_string) {
  LOGI("CdmEngine::GetDecryptHashError: %s", session_id.c_str());
  std::shared_ptr<CdmSession> session;
@@ -1847,8 +1838,8 @@ CdmResponseType CdmEngine::GetDecryptHashError(
 bool CdmEngine::IsKeyLoaded(const KeyId& key_id) {
  CdmSessionList sessions;
  session_map_.GetSessionList(sessions);
-  for (CdmSessionList::iterator iter = sessions.begin();
+  for (CdmSessionList::iterator iter = sessions.begin(); iter != sessions.end();
-       iter != sessions.end(); ++iter) {
+       ++iter) {
    if ((*iter)->IsKeyLoaded(key_id)) {
      return true;
    }
@@ -1872,8 +1863,8 @@ bool CdmEngine::FindSessionForKey(const KeyId& key_id,
  CdmSessionList::iterator session_iter = sessions.end();
  int64_t seconds_remaining = 0;
-  for (CdmSessionList::iterator iter = sessions.begin();
+  for (CdmSessionList::iterator iter = sessions.begin(); iter != sessions.end();
-       iter != sessions.end(); ++iter) {
+       ++iter) {
    CdmSessionId id = (*iter)->session_id();
    if (Properties::GetSessionSharingId(id) == session_sharing_id) {
      if ((*iter)->IsKeyLoaded(key_id)) {
@@ -1927,8 +1918,7 @@ void CdmEngine::OnTimerEvent() {
    session_map_.GetSessionList(sessions);
    while (!sessions.empty()) {
-      is_initial_usage_update =
+      is_initial_usage_update = is_initial_usage_update ||
          is_initial_usage_update ||
                                sessions.front()->is_initial_usage_update();
      is_usage_update_needed =
          is_usage_update_needed || sessions.front()->is_usage_update_needed();
@@ -1990,8 +1980,7 @@ CdmResponseType CdmEngine::ValidateServiceCertificate(const std::string& cert) {
  return certificate.Init(cert);
 }
-std::string CdmEngine::MapHdcpVersion(
+std::string CdmEngine::MapHdcpVersion(CryptoSession::HdcpCapability version) {
    CryptoSession::HdcpCapability version) {
  switch (version) {
    case HDCP_NONE:
      return QUERY_VALUE_HDCP_NONE;
@@ -2048,27 +2037,26 @@ void CdmEngine::DeleteAllUsageReportsUponFactoryReset() {
    std::unique_ptr<CryptoSession> crypto_session(
        CryptoSession::MakeCryptoSession(metrics_->GetCryptoMetrics()));
    CdmResponseType status;
-    M_TIME(
+    M_TIME(status = crypto_session->Open(
        status = crypto_session->Open(
               cert_provisioning_requested_security_level_),
-        metrics_->GetCryptoMetrics(),
+           metrics_->GetCryptoMetrics(), crypto_session_open_, status,
        crypto_session_open_,
        status,
           cert_provisioning_requested_security_level_);
    if (NO_ERROR == status) {
      status = crypto_session->DeleteAllUsageReports();
-      metrics_->GetCryptoMetrics()->crypto_session_delete_all_usage_reports_
+      metrics_->GetCryptoMetrics()
-          .Increment(status);
+          ->crypto_session_delete_all_usage_reports_.Increment(status);
      if (NO_ERROR != status) {
        LOGW(
            "CdmEngine::DeleteAllUsageReportsUponFactoryReset: "
-            "Fails to delete usage reports: %d", status);
+            "Fails to delete usage reports: %d",
            status);
      }
    } else {
      LOGW(
          "CdmEngine::DeleteAllUsageReportsUponFactoryReset: "
          "Fails to open crypto session: error=%d.\n"
-          "Usage reports are not removed after factory reset.", status);
+          "Usage reports are not removed after factory reset.",
          status);
    }
  }
 }
--- a/libwvdrmengine/cdm/core/src/cdm_engine_factory.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_engine_factory.cpp
@@ -6,6 +6,7 @@
 #include <memory>
 #include <string>
 #include "cdm_engine.h"
 #include "cdm_engine_metrics_decorator.h"
 #include "clock.h"
--- a/libwvdrmengine/cdm/core/src/cdm_session.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_session.cpp
@@ -63,8 +63,7 @@ CdmSession::CdmSession(FileSystem* file_system,
 CdmSession::~CdmSession() {
  if (usage_support_type_ == kUsageEntrySupport &&
-      has_provider_session_token() &&
+      has_provider_session_token() && usage_table_header_ != NULL &&
      usage_table_header_ != NULL &&
      !is_release_) {
    UpdateUsageEntryInformation();
  }
@@ -152,7 +151,8 @@ CdmResponseType CdmSession::Init(CdmClientPropertySet* cdm_client_property_set,
      crypto_metrics_, crypto_session_load_certificate_private_key_,
      load_cert_sts);
  switch (load_cert_sts) {
-    case NO_ERROR: break;
+    case NO_ERROR:
      break;
    case SESSION_LOST_STATE_ERROR:
    case SYSTEM_INVALIDATED_ERROR:
      return load_cert_sts;
@@ -207,8 +207,8 @@ CdmResponseType CdmSession::Init(CdmClientPropertySet* cdm_client_property_set,
  return NO_ERROR;
 }
-CdmResponseType CdmSession::RestoreOfflineSession(
+CdmResponseType CdmSession::RestoreOfflineSession(const CdmKeySetId& key_set_id,
-    const CdmKeySetId& key_set_id, CdmLicenseType license_type,
+                                                  CdmLicenseType license_type,
                                                  int* error_detail) {
  if (!initialized_) {
    LOGE("CdmSession::RestoreOfflineSession: not initialized");
@@ -237,8 +237,7 @@ CdmResponseType CdmSession::RestoreOfflineSession(
        "sub error: %d, key set id = %s",
        sub_error_code, key_set_id.c_str());
    SetErrorDetail(error_detail, sub_error_code);
-    return sub_error_code == DeviceFiles::kFileNotFound
+    return sub_error_code == DeviceFiles::kFileNotFound ? KEYSET_ID_NOT_FOUND_4
      ? KEYSET_ID_NOT_FOUND_4
                                                        : GET_LICENSE_ERROR;
  }
@@ -341,8 +340,8 @@ CdmResponseType CdmSession::RestoreUsageSession(
  CdmResponseType sts = NO_ERROR;
  if (usage_support_type_ == kUsageEntrySupport &&
      usage_table_header_ != NULL) {
-    sts = usage_table_header_->LoadEntry(
+    sts = usage_table_header_->LoadEntry(crypto_session_.get(), usage_entry_,
-        crypto_session_.get(), usage_entry_, usage_entry_number_);
+                                         usage_entry_number_);
    crypto_metrics_->usage_table_header_load_entry_.Increment(sts);
    if (sts != NO_ERROR) {
      LOGE("CdmSession::RestoreUsageSession: failed to load usage entry = %d",
@@ -398,9 +397,7 @@ CdmResponseType CdmSession::GenerateKeyRequest(
 CdmResponseType CdmSession::GenerateKeyRequestInternal(
    const InitializationData& init_data, CdmLicenseType license_type,
-    const CdmAppParameterMap& app_parameters,
+    const CdmAppParameterMap& app_parameters, CdmKeyRequest* key_request) {
    CdmKeyRequest* key_request) {
  if (!initialized_) {
    LOGE("CdmSession::GenerateKeyRequest: not initialized");
    return NOT_INITIALIZED_ERROR;
@@ -527,7 +524,8 @@ CdmResponseType CdmSession::AddKeyInternal(const CdmKeyResponse& key_response) {
    // Update the license sdk and service versions.
    const VersionInfo& version_info = license_parser_->GetServiceVersion();
    metrics_->license_sdk_version_.Record(version_info.license_sdk_version());
-    metrics_->license_sdk_version_.Record(version_info.license_service_version());
+    metrics_->license_sdk_version_.Record(
        version_info.license_service_version());
    // Update or delete entry if usage table header+entries are supported
    if (usage_support_type_ == kUsageEntrySupport &&
@@ -805,8 +803,8 @@ CdmResponseType CdmSession::DeleteUsageEntry(uint32_t usage_entry_number) {
    return INCORRECT_USAGE_SUPPORT_TYPE_1;
  }
-  sts = usage_table_header_->DeleteEntry(usage_entry_number,
+  sts = usage_table_header_->DeleteEntry(usage_entry_number, file_handle_.get(),
-                                         file_handle_.get(), crypto_metrics_);
+                                         crypto_metrics_);
  crypto_metrics_->usage_table_header_delete_entry_.Increment(sts);
  return sts;
 }
@@ -835,8 +833,8 @@ bool CdmSession::GenerateKeySetId(CdmKeySetId* key_set_id) {
      (kKeySetIdLength - sizeof(KEY_SET_ID_PREFIX)) / 2, 0);
  while (key_set_id->empty()) {
-    if (crypto_session_->GetRandom(random_data.size(), &random_data[0])
+    if (crypto_session_->GetRandom(random_data.size(), &random_data[0]) !=
-        != NO_ERROR) {
+        NO_ERROR) {
      return false;
    }
@@ -906,8 +904,7 @@ CdmResponseType CdmSession::StoreLicense() {
    }
    std::vector<std::string> provider_session_tokens;
    file_handle_->DeleteAllUsageInfoForApp(
-        DeviceFiles::GetUsageInfoFileName(app_id),
+        DeviceFiles::GetUsageInfoFileName(app_id), &provider_session_tokens);
        &provider_session_tokens);
    return STORE_USAGE_INFO_ERROR;
  }
@@ -934,21 +931,16 @@ CdmResponseType CdmSession::RemoveKeys() {
  CdmResponseType sts;
  crypto_session_.reset(CryptoSession::MakeCryptoSession(crypto_metrics_));
  // Ignore errors
-  M_TIME(
+  M_TIME(sts = crypto_session_->Open(requested_security_level_),
-      sts = crypto_session_->Open(requested_security_level_),
+         crypto_metrics_, crypto_session_open_, sts, requested_security_level_);
-      crypto_metrics_,
+  policy_engine_.reset(
-      crypto_session_open_,
+      new PolicyEngine(session_id_, NULL, crypto_session_.get()));
      sts,
      requested_security_level_);
  policy_engine_.reset(new PolicyEngine(
        session_id_, NULL, crypto_session_.get()));
  return NO_ERROR;
 }
 CdmResponseType CdmSession::RemoveLicense() {
  CdmResponseType sts = NO_ERROR;
  if (is_offline_ || has_provider_session_token()) {
    if (usage_support_type_ == kUsageEntrySupport &&
        has_provider_session_token()) {
      sts = DeleteUsageEntry(usage_entry_number_);
@@ -1058,7 +1050,8 @@ CdmResponseType CdmSession::UpdateUsageEntryInformation() {
  if (is_offline_)
    StoreLicense(is_release_ ? DeviceFiles::kLicenseStateReleasing
-                             : DeviceFiles::kLicenseStateActive, nullptr);
+                             : DeviceFiles::kLicenseStateActive,
                 nullptr);
  else if (!usage_provider_session_token_.empty())
    UpdateUsageInfo();
@@ -1132,8 +1125,7 @@ CdmResponseType CdmSession::SetDecryptHash(uint32_t frame_number,
  return crypto_session_->SetDecryptHash(frame_number, hash);
 }
-CdmResponseType CdmSession::GetDecryptHashError(
+CdmResponseType CdmSession::GetDecryptHashError(std::string* error_string) {
    std::string* error_string) {
  return crypto_session_->GetDecryptHashError(error_string);
 }
--- a/libwvdrmengine/cdm/core/src/cdm_session_map.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_session_map.cpp
@@ -11,13 +11,11 @@
 namespace wvcdm {
-CdmSessionMap::~CdmSessionMap() {
+CdmSessionMap::~CdmSessionMap() { Terminate(); }
  Terminate();
 }
 void CdmSessionMap::Terminate() {
-  for (CdmIdToSessionMap::iterator i = sessions_.begin();
+  for (CdmIdToSessionMap::iterator i = sessions_.begin(); i != sessions_.end();
-       i != sessions_.end(); ++i) {
+       ++i) {
    i->second->Close();
    i->second.reset();
  }
--- a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
+++ b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
@@ -3,6 +3,7 @@
 // License Agreement.
 #include "certificate_provisioning.h"
 #include "client_identification.h"
 #include "device_files.h"
 #include "file_store.h"
@@ -110,9 +111,9 @@ using video_widevine::SignedProvisioningMessage;
 CdmResponseType CertificateProvisioning::Init(
    const std::string& service_certificate) {
-
+  std::string certificate = service_certificate.empty()
-  std::string certificate = service_certificate.empty() ?
+                                ? kCpProductionServiceCertificate
-      kCpProductionServiceCertificate : service_certificate;
+                                : service_certificate;
  return service_certificate_->Init(certificate);
 }
@@ -126,7 +127,8 @@ CdmResponseType CertificateProvisioning::SetSpoidParameter(
    const std::string& origin, const std::string& spoid,
    ProvisioningRequest* request) {
  if (!request) {
-    LOGE("CertificateProvisioning::SetSpoidParameter: No request buffer "
+    LOGE(
        "CertificateProvisioning::SetSpoidParameter: No request buffer "
        "passed to method.");
    return PARAMETER_NULL;
  }
@@ -137,7 +139,8 @@ CdmResponseType CertificateProvisioning::SetSpoidParameter(
    if (!service_certificate_->provider_id().empty()) {
      request->set_provider_id(service_certificate_->provider_id());
    } else {
-      LOGE("CertificateProvisioning::SetSpoidParameter: Failure getting "
+      LOGE(
          "CertificateProvisioning::SetSpoidParameter: Failure getting "
          "provider ID");
      return SERVICE_CERTIFICATE_PROVIDER_ID_EMPTY;
    }
@@ -148,7 +151,8 @@ CdmResponseType CertificateProvisioning::SetSpoidParameter(
        crypto_session_->GetInternalDeviceUniqueId(&device_unique_id);
    if (status != NO_ERROR) {
-      LOGE("CertificateProvisioning::SetSpoidParameter: Failure getting "
+      LOGE(
          "CertificateProvisioning::SetSpoidParameter: Failure getting "
          "device unique ID");
      return status;
    }
@@ -209,7 +213,8 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest(
  if (status != NO_ERROR) return status;
  if (!service_certificate_->has_certificate()) {
-    LOGE("CertificateProvisioning::GetProvisioningRequest: Service "
+    LOGE(
        "CertificateProvisioning::GetProvisioningRequest: Service "
        "Certificate not staged");
    return CERT_PROVISIONING_EMPTY_SERVICE_CERTIFICATE;
  }
@@ -226,8 +231,9 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest(
  if (status != NO_ERROR) {
    LOGE("GetProvisioningRequest: fails to generate a nonce: %d", status);
-    return status == NONCE_GENERATION_ERROR ?
+    return status == NONCE_GENERATION_ERROR
-        CERT_PROVISIONING_NONCE_GENERATION_ERROR : status;
+               ? CERT_PROVISIONING_NONCE_GENERATION_ERROR
               : status;
  }
  // The provisioning server does not convert the nonce to uint32_t, it just
@@ -303,7 +309,6 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest(
 CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
    FileSystem* file_system, const CdmProvisioningResponse& response_message,
    std::string* cert, std::string* wrapped_key) {
  if (response_message.empty()) {
    LOGE("HandleProvisioningResponse: response message is empty.");
    return CERT_PROVISIONING_RESPONSE_ERROR_1;
@@ -317,7 +322,8 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
    // Extract it and decode it. On error return an empty string.
    ExtractAndDecodeSignedMessage(response_message, &response);
    if (response.empty()) {
-      LOGE("HandleProvisioningResponse: response message is "
+      LOGE(
          "HandleProvisioningResponse: response message is "
          "an invalid JSON/base64 string.");
      return CERT_PROVISIONING_RESPONSE_ERROR_1;
    }
@@ -362,8 +368,8 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
  // If Provisioning 3.0 (OEM Cert provisioned), verify that the
  // message is properly signed.
  if (crypto_session_->GetPreProvisionTokenType() == kClientTokenOemCert) {
-    if (service_certificate_->VerifySignedMessage(signed_message, signature)
+    if (service_certificate_->VerifySignedMessage(signed_message, signature) !=
-        != NO_ERROR) {
+        NO_ERROR) {
      // TODO(b/69562876): if the cert is bad, request a new one.
      LOGE("HandleProvisioningResponse: message not properly signed");
      return CERT_PROVISIONING_RESPONSE_ERROR_6;
@@ -374,14 +380,14 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
  const std::string& nonce = provisioning_response.nonce();
  const std::string& iv = provisioning_response.device_rsa_key_iv();
-  const std::string& wrapping_key = (provisioning_response.has_wrapping_key()) ?
+  const std::string& wrapping_key = (provisioning_response.has_wrapping_key())
-      provisioning_response.wrapping_key() : std::string();
+                                        ? provisioning_response.wrapping_key()
                                        : std::string();
  std::string wrapped_private_key;
-  CdmResponseType status =
+  CdmResponseType status = crypto_session_->RewrapCertificate(
-      crypto_session_->RewrapCertificate(signed_message, signature, nonce,
+      signed_message, signature, nonce, new_private_key, iv, wrapping_key,
                                         new_private_key, iv, wrapping_key,
      &wrapped_private_key);
  if (status != NO_ERROR) {
--- a/libwvdrmengine/cdm/core/src/client_identification.cpp
+++ b/libwvdrmengine/cdm/core/src/client_identification.cpp
@@ -77,7 +77,6 @@ CdmResponseType ClientIdentification::Prepare(
    const CdmAppParameterMap& app_parameters,
    const std::string& provider_client_token,
    video_widevine::ClientIdentification* client_id) {
  if (is_license_request_) {
    client_id->set_type(
        video_widevine::ClientIdentification::DRM_DEVICE_CERTIFICATE);
@@ -85,7 +84,8 @@ CdmResponseType ClientIdentification::Prepare(
  } else {
    video_widevine::ClientIdentification::TokenType token_type;
    if (!GetProvisioningTokenType(&token_type)) {
-      LOGE("ClientIdentification::Prepare: failure getting provisioning token "
+      LOGE(
          "ClientIdentification::Prepare: failure getting provisioning token "
          "type");
      return CLIENT_IDENTIFICATION_TOKEN_ERROR_1;
    }
@@ -94,8 +94,10 @@ CdmResponseType ClientIdentification::Prepare(
    std::string token;
    CdmResponseType status = crypto_session_->GetProvisioningToken(&token);
    if (status != NO_ERROR) {
-      LOGE("ClientIdentification::Prepare: failure getting provisioning token: "
+      LOGE(
-           "%d", status);
+          "ClientIdentification::Prepare: failure getting provisioning token: "
          "%d",
          status);
      return status;
    }
    client_id->set_token(token);
@@ -223,7 +225,8 @@ CdmResponseType ClientIdentification::Prepare(
        default:
          LOGW(
              "ClientIdentification::PrepareClientId: unexpected HDCP max "
-              "capability version %d", max_version);
+              "capability version %d",
              max_version);
      }
    }
  }
@@ -252,23 +255,27 @@ CdmResponseType ClientIdentification::Prepare(
  bool can_support_output;
  bool can_disable_output;
  bool can_support_cgms_a;
-  if (crypto_session_->GetAnalogOutputCapabilities(&can_support_output,
+  if (crypto_session_->GetAnalogOutputCapabilities(
-                                                   &can_disable_output,
+          &can_support_output, &can_disable_output, &can_support_cgms_a)) {
                                                   &can_support_cgms_a)) {
    video_widevine::ClientIdentification_ClientCapabilities_AnalogOutputCapabilities
-        capabilities = video_widevine::ClientIdentification_ClientCapabilities_AnalogOutputCapabilities_ANALOG_OUTPUT_NONE;
+        capabilities = video_widevine::
            ClientIdentification_ClientCapabilities_AnalogOutputCapabilities_ANALOG_OUTPUT_NONE;
    if (can_support_output) {
      if (can_support_cgms_a) {
-        capabilities = video_widevine::ClientIdentification_ClientCapabilities_AnalogOutputCapabilities_ANALOG_OUTPUT_SUPPORTS_CGMS_A;
+        capabilities = video_widevine::
            ClientIdentification_ClientCapabilities_AnalogOutputCapabilities_ANALOG_OUTPUT_SUPPORTS_CGMS_A;
      } else {
-        capabilities = video_widevine::ClientIdentification_ClientCapabilities_AnalogOutputCapabilities_ANALOG_OUTPUT_SUPPORTED;
+        capabilities = video_widevine::
            ClientIdentification_ClientCapabilities_AnalogOutputCapabilities_ANALOG_OUTPUT_SUPPORTED;
      }
    }
    client_capabilities->set_analog_output_capabilities(capabilities);
    client_capabilities->set_can_disable_analog_output(can_disable_output);
  } else {
-    client_capabilities->set_analog_output_capabilities(video_widevine::ClientIdentification_ClientCapabilities_AnalogOutputCapabilities_ANALOG_OUTPUT_UNKNOWN);
+    client_capabilities->set_analog_output_capabilities(
        video_widevine::
            ClientIdentification_ClientCapabilities_AnalogOutputCapabilities_ANALOG_OUTPUT_UNKNOWN);
  }
  uint32_t version, tier;
@@ -297,8 +304,10 @@ bool ClientIdentification::GetProvisioningTokenType(
    case kClientTokenDrmCert:
    default:
      // shouldn't happen
-      LOGE("CertificateProvisioning::GetProvisioningTokenType: unexpected "
+      LOGE(
-          "provisioning type: %d", token);
+          "CertificateProvisioning::GetProvisioningTokenType: unexpected "
          "provisioning type: %d",
          token);
      return false;
  }
 }
--- a/libwvdrmengine/cdm/core/src/content_key_session.cpp
+++ b/libwvdrmengine/cdm/core/src/content_key_session.cpp
@@ -3,6 +3,7 @@
 // License Agreement.
 #include "content_key_session.h"
 #include "crypto_key.h"
 #include "crypto_session.h"
 #include "log.h"
@@ -36,8 +37,7 @@ OEMCryptoResult ContentKeySession::GenerateDerivedKeys(
 // Generate Derived Keys (from session key) for ContentKeySession
 OEMCryptoResult ContentKeySession::GenerateDerivedKeys(
-    const std::string& message,
+    const std::string& message, const std::string& session_key) {
    const std::string& session_key) {
  std::string mac_deriv_message;
  std::string enc_deriv_message;
  GenerateMacContext(message, &mac_deriv_message);
--- a/libwvdrmengine/cdm/core/src/crypto_session.cpp
+++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp
@@ -8,6 +8,7 @@
 #include "crypto_session.h"
 #include <string.h>
 #include <algorithm>
 #include <iostream>
 #include <memory>
@@ -129,15 +130,14 @@ OEMCrypto_LicenseType OEMCryptoLicenseType(CdmLicenseKeyType cdm_license_type) {
 }
 OEMCryptoCipherMode ToOEMCryptoCipherMode(CdmCipherMode cipher_mode) {
-  return cipher_mode == kCipherModeCtr
+  return cipher_mode == kCipherModeCtr ? OEMCrypto_CipherMode_CTR
-      ? OEMCrypto_CipherMode_CTR : OEMCrypto_CipherMode_CBC;
+                                       : OEMCrypto_CipherMode_CBC;
 }
 // This maps a few common OEMCryptoResult to CdmResponseType. Many mappings
 // are not universal but are OEMCrypto method specific. Those will be
 // specified in the CryptoSession method rather than here.
-CdmResponseType MapOEMCryptoResult(
+CdmResponseType MapOEMCryptoResult(OEMCryptoResult result,
    OEMCryptoResult result,
                                   CdmResponseType default_status,
                                   const char* error_string) {
  if (result != OEMCrypto_SUCCESS) {
@@ -187,8 +187,7 @@ CryptoSession::~CryptoSession() {
 }
 CdmResponseType CryptoSession::GetProvisioningMethod(
-    SecurityLevel requested_security_level,
+    SecurityLevel requested_security_level, CdmClientTokenType* token_type) {
    CdmClientTokenType* token_type) {
  OEMCrypto_ProvisioningMethod method;
  WithOecReadLock("GetProvisioningMethod", [&] {
    method = OEMCrypto_GetProvisioningMethod(requested_security_level);
@@ -252,9 +251,7 @@ void CryptoSession::Terminate() {
    }
    if (session_count_ > 0 || !initialized_) return;
    OEMCryptoResult sts;
-    WithOecWriteLock("Terminate", [&] {
+    WithOecWriteLock("Terminate", [&] { sts = OEMCrypto_Terminate(); });
      sts = OEMCrypto_Terminate();
    });
    if (OEMCrypto_SUCCESS != sts) {
      LOGE("OEMCrypto_Terminate failed: %d", sts);
    }
@@ -283,8 +280,7 @@ CdmResponseType CryptoSession::GetTokenFromKeybox(std::string* token) {
  OEMCryptoResult status;
  WithOecReadLock("GetTokenFromKeybox", [&] {
-    M_TIME(
+    M_TIME(status =
        status =
               OEMCrypto_GetKeyData(buf, &buf_size, requested_security_level_),
           metrics_, oemcrypto_get_key_data_, status,
           metrics::Pow2Bucket(buf_size));
@@ -294,8 +290,8 @@ CdmResponseType CryptoSession::GetTokenFromKeybox(std::string* token) {
    token->swap(temp_buffer);
  }
-  return MapOEMCryptoResult(
+  return MapOEMCryptoResult(status, GET_TOKEN_FROM_KEYBOX_ERROR,
-      status, GET_TOKEN_FROM_KEYBOX_ERROR, "GetTokenFromKeybox");
+                            "GetTokenFromKeybox");
 }
 CdmResponseType CryptoSession::GetTokenFromOemCert(std::string* token) {
@@ -314,8 +310,8 @@ CdmResponseType CryptoSession::GetTokenFromOemCert(std::string* token) {
    size_t buf_size = temp_buffer.size();
    uint8_t* buf = reinterpret_cast<uint8_t*>(&temp_buffer[0]);
    WithOecSessionLock("GetTokenFromOemCert", [&] {
-      status = OEMCrypto_GetOEMPublicCertificate(oec_session_id_, buf,
+      status =
-                                                 &buf_size);
+          OEMCrypto_GetOEMPublicCertificate(oec_session_id_, buf, &buf_size);
    });
    metrics_->oemcrypto_get_oem_public_certificate_.Increment(status);
@@ -332,8 +328,8 @@ CdmResponseType CryptoSession::GetTokenFromOemCert(std::string* token) {
      continue;
    }
-    return MapOEMCryptoResult(
+    return MapOEMCryptoResult(status, GET_TOKEN_FROM_OEM_CERT_ERROR,
-        status, GET_TOKEN_FROM_OEM_CERT_ERROR, "GetTokenFromOemCert");
+                              "GetTokenFromOemCert");
  }
 }
@@ -345,7 +341,8 @@ CdmResponseType CryptoSession::GetProvisioningToken(std::string* token) {
  }
  if (!IsInitialized()) {
-    metrics_->crypto_session_get_token_.Increment(CRYPTO_SESSION_NOT_INITIALIZED);
+    metrics_->crypto_session_get_token_.Increment(
        CRYPTO_SESSION_NOT_INITIALIZED);
    return CRYPTO_SESSION_NOT_INITIALIZED;
  }
@@ -431,8 +428,8 @@ CdmResponseType CryptoSession::GetInternalDeviceUniqueId(
  if (sts == OEMCrypto_ERROR_SHORT_BUFFER) {
    id.resize(id_length);
    WithOecReadLock("GetInternalDeviceUniqueId Attempt 2", [&] {
-      sts = OEMCrypto_GetDeviceID(&id[0], &id_length,
+      sts =
-                                  requested_security_level_);
+          OEMCrypto_GetDeviceID(&id[0], &id_length, requested_security_level_);
    });
    metrics_->oemcrypto_get_device_id_.Increment(sts);
  }
@@ -451,8 +448,8 @@ CdmResponseType CryptoSession::GetInternalDeviceUniqueId(
      device_id->assign(reinterpret_cast<char*>(&id[0]), id_length);
    }
-    return MapOEMCryptoResult(
+    return MapOEMCryptoResult(sts, GET_DEVICE_ID_ERROR,
-        sts, GET_DEVICE_ID_ERROR, "GetInternalDeviceUniqueId");
+                              "GetInternalDeviceUniqueId");
  }
 }
@@ -507,9 +504,8 @@ bool CryptoSession::GetApiVersion(SecurityLevel security_level,
    return false;
  }
-  WithOecReadLock("GetApiVersion", [&] {
+  WithOecReadLock("GetApiVersion",
-    *version = OEMCrypto_APIVersion(security_level);
+                  [&] { *version = OEMCrypto_APIVersion(security_level); });
  });
  // Record the version into the metrics.
  metrics_->oemcrypto_api_version_.Record(*version);
@@ -573,8 +569,10 @@ CdmResponseType CryptoSession::GetSystemIdInternal(uint32_t* system_id) {
  } else if (pre_provision_token_type_ == kClientTokenDrmCert) {
    return NO_ERROR;
  } else {
-    LOGE("CryptoSession::GetSystemIdInternal: "
+    LOGE(
-         "Unsupported pre-provision token type %d", pre_provision_token_type_);
+        "CryptoSession::GetSystemIdInternal: "
        "Unsupported pre-provision token type %d",
        pre_provision_token_type_);
    return UNKNOWN_CLIENT_TOKEN_TYPE;
  }
 }
@@ -647,8 +645,7 @@ CdmResponseType CryptoSession::Open(SecurityLevel requested_security_level) {
  if (!IsInitialized()) return UNKNOWN_ERROR;
  if (open_) return NO_ERROR;
-  CdmResponseType result =
+  CdmResponseType result = GetProvisioningMethod(requested_security_level,
      GetProvisioningMethod(requested_security_level,
                                                 &pre_provision_token_type_);
  if (result != NO_ERROR) return result;
@@ -661,8 +658,7 @@ CdmResponseType CryptoSession::Open(SecurityLevel requested_security_level) {
  if (sts != OEMCrypto_SUCCESS) {
    WithStaticFieldReadLock(
-        "Open() reporting OEMCrypto_OpenSession Failure",
+        "Open() reporting OEMCrypto_OpenSession Failure", [&] {
        [&] {
          LOGE("OEMCrypto_Open failed: %d, open sessions: %ld, initialized: %d",
               sts, session_count_, (int)initialized_);
        });
@@ -757,9 +753,8 @@ void CryptoSession::Close() {
  OEMCryptoResult close_sts;
  bool update_usage_table = false;
-  WithOecWriteLock("Close", [&] {
+  WithOecWriteLock(
-    close_sts = OEMCrypto_CloseSession(oec_session_id_);
+      "Close", [&] { close_sts = OEMCrypto_CloseSession(oec_session_id_); });
  });
  metrics_->oemcrypto_close_session_.Increment(close_sts);
  if (OEMCrypto_SUCCESS == close_sts) open_ = false;
  update_usage_table = update_usage_table_after_close_session_;
@@ -816,9 +811,9 @@ CdmResponseType CryptoSession::LoadKeys(
    }
    LOGV("LoadKeys: id=%lu", oec_session_id_);
-    sts = key_session_->LoadKeys(
+    sts = key_session_->LoadKeys(message, signature, mac_key_iv, mac_key, keys,
-        message, signature, mac_key_iv, mac_key, keys, provider_session_token,
+                                 provider_session_token, &cipher_mode_,
-        &cipher_mode_, srm_requirement);
+                                 srm_requirement);
  });
  if (sts != OEMCrypto_SUCCESS) {
@@ -896,8 +891,7 @@ CdmResponseType CryptoSession::LoadCertificatePrivateKey(
  LOGV("LoadDeviceRSAKey: id=%lu", oec_session_id_);
  WithOecSessionLock(
-      "LoadCertificatePrivateKey() calling OEMCrypto_LoadDeviceRSAKey()",
+      "LoadCertificatePrivateKey() calling OEMCrypto_LoadDeviceRSAKey()", [&] {
      [&] {
        M_TIME(sts = OEMCrypto_LoadDeviceRSAKey(
                   oec_session_id_,
                   reinterpret_cast<const uint8_t*>(wrapped_key.data()),
@@ -905,8 +899,8 @@ CdmResponseType CryptoSession::LoadCertificatePrivateKey(
               metrics_, oemcrypto_load_device_rsa_key_, sts);
      });
-  return MapOEMCryptoResult(
+  return MapOEMCryptoResult(sts, LOAD_DEVICE_RSA_KEY_ERROR,
-      sts, LOAD_DEVICE_RSA_KEY_ERROR, "LoadCertificatePrivateKey");
+                            "LoadCertificatePrivateKey");
 }
 CdmResponseType CryptoSession::RefreshKeys(const std::string& message,
@@ -937,16 +931,14 @@ CdmResponseType CryptoSession::RefreshKeys(const std::string& message,
  if (refresh_sts == OEMCrypto_SUCCESS) return KEY_ADDED;
-  return MapOEMCryptoResult(
+  return MapOEMCryptoResult(refresh_sts, REFRESH_KEYS_ERROR, "RefreshKeys");
      refresh_sts, REFRESH_KEYS_ERROR, "RefreshKeys");
 }
 CdmResponseType CryptoSession::SelectKey(const std::string& key_id,
                                         CdmCipherMode cipher_mode) {
  OEMCryptoResult sts;
-  WithOecSessionLock("SelectKey", [&] {
+  WithOecSessionLock(
-    sts = key_session_->SelectKey(key_id, cipher_mode);
+      "SelectKey", [&] { sts = key_session_->SelectKey(key_id, cipher_mode); });
  });
  switch (sts) {
    case OEMCrypto_SUCCESS:
@@ -982,12 +974,11 @@ CdmResponseType CryptoSession::SelectKey(const std::string& key_id,
 CdmResponseType CryptoSession::GenerateDerivedKeys(const std::string& message) {
  OEMCryptoResult sts;
-  WithOecSessionLock("GenerateDerivedKeys without session_key", [&] {
+  WithOecSessionLock("GenerateDerivedKeys without session_key",
-    sts = key_session_->GenerateDerivedKeys(message);
+                     [&] { sts = key_session_->GenerateDerivedKeys(message); });
  });
-  return MapOEMCryptoResult(
+  return MapOEMCryptoResult(sts, GENERATE_DERIVED_KEYS_ERROR_2,
-      sts, GENERATE_DERIVED_KEYS_ERROR_2, "GenerateDerivedKeys");
+                            "GenerateDerivedKeys");
 }
 CdmResponseType CryptoSession::GenerateDerivedKeys(
@@ -997,8 +988,8 @@ CdmResponseType CryptoSession::GenerateDerivedKeys(
    sts = key_session_->GenerateDerivedKeys(message, session_key);
  });
-  return MapOEMCryptoResult(
+  return MapOEMCryptoResult(sts, GENERATE_DERIVED_KEYS_ERROR,
-      sts, GENERATE_DERIVED_KEYS_ERROR, "GenerateDerivedKeys");
+                            "GenerateDerivedKeys");
 }
 CdmResponseType CryptoSession::GenerateSignature(const std::string& message,
@@ -1016,12 +1007,11 @@ CdmResponseType CryptoSession::GenerateSignature(const std::string& message,
  // The first attempt may fail due to buffer too short
  for (int i = 0; i < 2; ++i) {
    WithOecSessionLock("GenerateSignature", [&] {
-      M_TIME(sts = OEMCrypto_GenerateSignature(
+      M_TIME(
-                 oec_session_id_,
+          sts = OEMCrypto_GenerateSignature(
-                 reinterpret_cast<const uint8_t*>(message.data()),
+              oec_session_id_, reinterpret_cast<const uint8_t*>(message.data()),
              message.size(),
-                 reinterpret_cast<uint8_t*>(
+              reinterpret_cast<uint8_t*>(const_cast<char*>(signature->data())),
                     const_cast<char*>(signature->data())),
              &length),
          metrics_, oemcrypto_generate_signature_, sts,
          metrics::Pow2Bucket(length));
@@ -1039,8 +1029,7 @@ CdmResponseType CryptoSession::GenerateSignature(const std::string& message,
    signature->resize(length);
  }
-  return MapOEMCryptoResult(
+  return MapOEMCryptoResult(sts, GENERATE_SIGNATURE_ERROR, "GenerateSignature");
      sts, GENERATE_SIGNATURE_ERROR, "GenerateSignature");
 }
 CdmResponseType CryptoSession::GenerateRsaSignature(const std::string& message,
@@ -1059,12 +1048,11 @@ CdmResponseType CryptoSession::GenerateRsaSignature(const std::string& message,
  // The first attempt may fail due to buffer too short
  for (int i = 0; i < 2; ++i) {
    WithOecSessionLock("GenerateRsaSignature", [&] {
-      M_TIME(sts = OEMCrypto_GenerateRSASignature(
+      M_TIME(
-                 oec_session_id_,
+          sts = OEMCrypto_GenerateRSASignature(
-                 reinterpret_cast<const uint8_t*>(message.data()),
+              oec_session_id_, reinterpret_cast<const uint8_t*>(message.data()),
              message.size(),
-                 reinterpret_cast<uint8_t*>(
+              reinterpret_cast<uint8_t*>(const_cast<char*>(signature->data())),
                     const_cast<char*>(signature->data())),
              &length, kSign_RSASSA_PSS),
          metrics_, oemcrypto_generate_rsa_signature_, sts,
          metrics::Pow2Bucket(length));
@@ -1083,8 +1071,8 @@ CdmResponseType CryptoSession::GenerateRsaSignature(const std::string& message,
    signature->resize(length);
  }
-  return MapOEMCryptoResult(
+  return MapOEMCryptoResult(sts, RSA_SIGNATURE_GENERATION_ERROR,
-      sts, RSA_SIGNATURE_GENERATION_ERROR, "OEMCrypto_GenerateRSASignature");
+                            "OEMCrypto_GenerateRSASignature");
 }
 CdmResponseType CryptoSession::Decrypt(const CdmDecryptionParameters& params) {
@@ -1125,10 +1113,9 @@ CdmResponseType CryptoSession::Decrypt(const CdmDecryptionParameters& params) {
      params.subsample_flags ==
          (OEMCrypto_FirstSubsample | OEMCrypto_LastSubsample)) {
    WithOecSessionLock("Decrypt() calling CopyBuffer", [&] {
-      M_TIME(sts = OEMCrypto_CopyBuffer(oec_session_id_, params.encrypt_buffer,
+      M_TIME(sts = OEMCrypto_CopyBuffer(
-                                        params.encrypt_length,
+                 oec_session_id_, params.encrypt_buffer, params.encrypt_length,
-                                        &buffer_descriptor,
+                 &buffer_descriptor, params.subsample_flags),
                                        params.subsample_flags),
             metrics_, oemcrypto_copy_buffer_, sts,
             metrics::Pow2Bucket(params.encrypt_length));
    });
@@ -1157,8 +1144,8 @@ CdmResponseType CryptoSession::Decrypt(const CdmDecryptionParameters& params) {
    }
    WithOecSessionLock("Decrypt() calling key_session_->Decrypt()", [&] {
-      sts = key_session_->Decrypt(params, buffer_descriptor,
+      sts =
-                                  pattern_descriptor);
+          key_session_->Decrypt(params, buffer_descriptor, pattern_descriptor);
    });
    if (sts == OEMCrypto_ERROR_BUFFER_TOO_LARGE) {
@@ -1232,8 +1219,7 @@ bool CryptoSession::UsageInformationSupport(SecurityLevel security_level,
 }
 CdmResponseType CryptoSession::UpdateUsageInformation() {
-  LOGV("CryptoSession::UpdateUsageInformation: id=%lu",
+  LOGV("CryptoSession::UpdateUsageInformation: id=%lu", oec_session_id_);
       oec_session_id_);
  if (!IsInitialized()) return UNKNOWN_ERROR;
  if (usage_table_header_ != NULL) {
@@ -1242,9 +1228,8 @@ CdmResponseType CryptoSession::UpdateUsageInformation() {
  }
  OEMCryptoResult status;
-  WithOecWriteLock("UpdateUsageInformation", [&] {
+  WithOecWriteLock("UpdateUsageInformation",
-    status = OEMCrypto_UpdateUsageTable();
+                   [&] { status = OEMCrypto_UpdateUsageTable(); });
  });
  metrics_->oemcrypto_update_usage_table_.Increment(status);
  if (status != OEMCrypto_SUCCESS) {
    LOGE("CryptoSession::UpdateUsageInformation: error=%ld", status);
@@ -1263,8 +1248,8 @@ CdmResponseType CryptoSession::DeactivateUsageInformation(
  // TODO(fredgc or rfrias): make sure oec_session_id_ is valid.
  OEMCryptoResult status;
  WithOecWriteLock("DeactivateUsageInformation", [&] {
-    status = OEMCrypto_DeactivateUsageEntry(
+    status = OEMCrypto_DeactivateUsageEntry(oec_session_id_, pst,
-        oec_session_id_, pst, provider_session_token.length());
+                                            provider_session_token.length());
  });
  metrics_->oemcrypto_deactivate_usage_entry_.Increment(status);
@@ -1303,15 +1288,15 @@ CdmResponseType CryptoSession::GenerateUsageReport(
  size_t usage_length = 0;
  OEMCryptoResult status;
  WithOecWriteLock("GenerateUsageReport Attempt 1", [&] {
-    status = OEMCrypto_ReportUsage(
+    status = OEMCrypto_ReportUsage(oec_session_id_, pst,
-        oec_session_id_, pst, provider_session_token.length(), NULL,
+                                   provider_session_token.length(), NULL,
                                   &usage_length);
  });
  metrics_->oemcrypto_report_usage_.Increment(status);
  if (status != OEMCrypto_SUCCESS && status != OEMCrypto_ERROR_SHORT_BUFFER) {
-    return MapOEMCryptoResult(
+    return MapOEMCryptoResult(status, GENERATE_USAGE_REPORT_ERROR,
-        status, GENERATE_USAGE_REPORT_ERROR, "GenerateUsageReport");
+                              "GenerateUsageReport");
  }
  std::vector<uint8_t> buffer(usage_length);
@@ -1324,8 +1309,8 @@ CdmResponseType CryptoSession::GenerateUsageReport(
  metrics_->oemcrypto_report_usage_.Increment(status);
  if (status != OEMCrypto_SUCCESS) {
-    return MapOEMCryptoResult(
+    return MapOEMCryptoResult(status, GENERATE_USAGE_REPORT_ERROR,
-        status, GENERATE_USAGE_REPORT_ERROR, "OEMCrypto_ReportUsage");
+                              "OEMCrypto_ReportUsage");
  }
  if (usage_length != buffer.size()) {
@@ -1458,9 +1443,8 @@ CdmResponseType CryptoSession::DeleteMultipleUsageInformation(
 CdmResponseType CryptoSession::DeleteAllUsageReports() {
  LOGV("DeleteAllUsageReports");
  OEMCryptoResult status;
-  WithOecWriteLock("DeleteAllUsageReports", [&] {
+  WithOecWriteLock("DeleteAllUsageReports",
-    status = OEMCrypto_DeleteOldUsageTable();
+                   [&] { status = OEMCrypto_DeleteOldUsageTable(); });
  });
  metrics_->oemcrypto_delete_usage_table_.Increment(status);
  if (OEMCrypto_SUCCESS != status) {
    LOGE(
@@ -1513,12 +1497,9 @@ bool CryptoSession::SetDestinationBufferType() {
 }
 CdmResponseType CryptoSession::RewrapCertificate(
-    const std::string& signed_message,
+    const std::string& signed_message, const std::string& signature,
-    const std::string& signature,
+    const std::string& nonce, const std::string& private_key,
-    const std::string& nonce,
+    const std::string& iv, const std::string& wrapping_key,
    const std::string& private_key,
    const std::string& iv,
    const std::string& wrapping_key,
    std::string* wrapped_private_key) {
  LOGV("CryptoSession::RewrapCertificate, session id=%lu", oec_session_id_);
@@ -1540,12 +1521,9 @@ CdmResponseType CryptoSession::RewrapCertificate(
 }
 CdmResponseType CryptoSession::RewrapDeviceRSAKey(
-    const std::string& message,
+    const std::string& message, const std::string& signature,
-    const std::string& signature,
+    const std::string& nonce, const std::string& enc_rsa_key,
-    const std::string& nonce,
+    const std::string& rsa_key_iv, std::string* wrapped_rsa_key) {
    const std::string& enc_rsa_key,
    const std::string& rsa_key_iv,
    std::string* wrapped_rsa_key) {
  LOGV("CryptoSession::RewrapDeviceRSAKey, session id=%lu", oec_session_id_);
  const uint8_t* signed_msg = reinterpret_cast<const uint8_t*>(message.data());
@@ -1573,37 +1551,33 @@ CdmResponseType CryptoSession::RewrapDeviceRSAKey(
  });
  if (status != OEMCrypto_ERROR_SHORT_BUFFER) {
-    return MapOEMCryptoResult(
+    return MapOEMCryptoResult(status, REWRAP_DEVICE_RSA_KEY_ERROR,
-        status, REWRAP_DEVICE_RSA_KEY_ERROR, "RewrapDeviceRSAKey");
+                              "RewrapDeviceRSAKey");
  }
  wrapped_rsa_key->resize(wrapped_rsa_key_length);
  WithOecSessionLock("RewrapDeviceRSAKey Attempt 2", [&] {
-    M_TIME(status = OEMCrypto_RewrapDeviceRSAKey(
+    M_TIME(
        status = OEMCrypto_RewrapDeviceRSAKey(
            oec_session_id_, signed_msg, message.size(),
            reinterpret_cast<const uint8_t*>(signature.data()),
            signature.size(), msg_nonce, msg_rsa_key, enc_rsa_key.size(),
-               msg_rsa_key_iv,
+            msg_rsa_key_iv, reinterpret_cast<uint8_t*>(&(*wrapped_rsa_key)[0]),
               reinterpret_cast<uint8_t*>(&(*wrapped_rsa_key)[0]),
            &wrapped_rsa_key_length),
        metrics_, oemcrypto_rewrap_device_rsa_key_, status);
  });
  wrapped_rsa_key->resize(wrapped_rsa_key_length);
-  return MapOEMCryptoResult(
+  return MapOEMCryptoResult(status, REWRAP_DEVICE_RSA_KEY_ERROR,
-      status, REWRAP_DEVICE_RSA_KEY_ERROR, "RewrapDeviceRSAKey");
+                            "RewrapDeviceRSAKey");
 }
 CdmResponseType CryptoSession::RewrapDeviceRSAKey30(
-    const std::string& message,
+    const std::string& message, const std::string& nonce,
-    const std::string& nonce,
+    const std::string& private_key, const std::string& iv,
-    const std::string& private_key,
+    const std::string& wrapping_key, std::string* wrapped_private_key) {
-    const std::string& iv,
+  LOGV("CryptoSession::RewrapDeviceRSAKey30, session id=%lu", oec_session_id_);
    const std::string& wrapping_key,
    std::string* wrapped_private_key) {
  LOGV("CryptoSession::RewrapDeviceRSAKey30, session id=%lu",
       oec_session_id_);
  const uint8_t* signed_msg = reinterpret_cast<const uint8_t*>(message.data());
  const uint8_t* msg_private_key = NULL;
@@ -1623,38 +1597,32 @@ CdmResponseType CryptoSession::RewrapDeviceRSAKey30(
  size_t wrapped_private_key_length = 0;
  OEMCryptoResult status;
  WithOecSessionLock("RewrapDeviceRSAKey30 Attempt 1", [&] {
-    M_TIME(
+    M_TIME(status = OEMCrypto_RewrapDeviceRSAKey30(
-        status = OEMCrypto_RewrapDeviceRSAKey30(
+               oec_session_id_, msg_nonce, msg_wrapping_key,
-            oec_session_id_, msg_nonce, msg_wrapping_key, wrapping_key.size(),
+               wrapping_key.size(), msg_private_key, private_key.size(), msg_iv,
-            msg_private_key, private_key.size(), msg_iv, NULL,
+               NULL, &wrapped_private_key_length),
-            &wrapped_private_key_length),
+           metrics_, oemcrypto_rewrap_device_rsa_key_30_, status);
        metrics_,
        oemcrypto_rewrap_device_rsa_key_30_,
        status);
  });
  if (status != OEMCrypto_ERROR_SHORT_BUFFER) {
-    return MapOEMCryptoResult(
+    return MapOEMCryptoResult(status, REWRAP_DEVICE_RSA_KEY_30_ERROR,
-        status, REWRAP_DEVICE_RSA_KEY_30_ERROR, "RewrapDeviceRSAKey30");
+                              "RewrapDeviceRSAKey30");
  }
  wrapped_private_key->resize(wrapped_private_key_length);
  WithOecSessionLock("RewrapDeviceRSAKey30 Attempt 2", [&] {
-    M_TIME(
+    M_TIME(status = OEMCrypto_RewrapDeviceRSAKey30(
-        status = OEMCrypto_RewrapDeviceRSAKey30(
+               oec_session_id_, msg_nonce, msg_wrapping_key,
-            oec_session_id_, msg_nonce, msg_wrapping_key, wrapping_key.size(),
+               wrapping_key.size(), msg_private_key, private_key.size(), msg_iv,
            msg_private_key, private_key.size(), msg_iv,
               reinterpret_cast<uint8_t*>(&(*wrapped_private_key)[0]),
               &wrapped_private_key_length),
-        metrics_,
+           metrics_, oemcrypto_rewrap_device_rsa_key_30_, status);
        oemcrypto_rewrap_device_rsa_key_30_,
        status);
  });
  wrapped_private_key->resize(wrapped_private_key_length);
-  return MapOEMCryptoResult(
+  return MapOEMCryptoResult(status, REWRAP_DEVICE_RSA_KEY_30_ERROR,
-      status, REWRAP_DEVICE_RSA_KEY_30_ERROR, "RewrapDeviceRSAKey30");
+                            "RewrapDeviceRSAKey30");
 }
 CdmResponseType CryptoSession::GetHdcpCapabilities(HdcpCapability* current,
@@ -1694,8 +1662,8 @@ CdmResponseType CryptoSession::GetHdcpCapabilities(SecurityLevel security_level,
    metrics_->oemcrypto_max_hdcp_capability_.SetError(status);
  }
-  return MapOEMCryptoResult(
+  return MapOEMCryptoResult(status, GET_HDCP_CAPABILITY_FAILED,
-      status, GET_HDCP_CAPABILITY_FAILED, "GetHDCPCapability");
+                            "GetHDCPCapability");
 }
 bool CryptoSession::GetSupportedCertificateTypes(
@@ -1726,17 +1694,15 @@ CdmResponseType CryptoSession::GetRandom(size_t data_length,
    return PARAMETER_NULL;
  }
  OEMCryptoResult sts;
-  WithOecReadLock("GetRandom", [&] {
+  WithOecReadLock("GetRandom",
-    sts = OEMCrypto_GetRandom(random_data, data_length);
+                  [&] { sts = OEMCrypto_GetRandom(random_data, data_length); });
  });
  metrics_->oemcrypto_get_random_.Increment(sts);
  return MapOEMCryptoResult(sts, RANDOM_GENERATION_ERROR, "GetRandom");
 }
 CdmResponseType CryptoSession::GetNumberOfOpenSessions(
-    SecurityLevel security_level,
+    SecurityLevel security_level, size_t* count) {
    size_t* count) {
  LOGV("GetNumberOfOpenSessions");
  if (!IsInitialized()) {
    LOGW("CryptoSession::GetNumberOfOpenSessions: not initialized");
@@ -1760,13 +1726,12 @@ CdmResponseType CryptoSession::GetNumberOfOpenSessions(
    metrics_->oemcrypto_number_of_open_sessions_.SetError(status);
  }
-  return MapOEMCryptoResult(
+  return MapOEMCryptoResult(status, GET_NUMBER_OF_OPEN_SESSIONS_ERROR,
-      status, GET_NUMBER_OF_OPEN_SESSIONS_ERROR, "GetNumberOfOpenSessions");
+                            "GetNumberOfOpenSessions");
 }
 CdmResponseType CryptoSession::GetMaxNumberOfSessions(
-    SecurityLevel security_level,
+    SecurityLevel security_level, size_t* max) {
    size_t* max) {
  LOGV("GetMaxNumberOfSessions");
  if (!IsInitialized()) {
    LOGW("CryptoSession::GetMaxNumberOfSessions: not initialized");
@@ -1811,21 +1776,21 @@ CdmResponseType CryptoSession::GetSrmVersion(uint16_t* srm_version) {
  // SRM is an optional feature. Whether it is implemented is up to the
  // discretion of OEMs
  if (status == OEMCrypto_ERROR_NOT_IMPLEMENTED) {
-    LOGV("CryptoSession::GetSrmVersion: OEMCrypto_GetCurrentSRMVersion not "
+    LOGV(
        "CryptoSession::GetSrmVersion: OEMCrypto_GetCurrentSRMVersion not "
        "implemented");
    return NOT_IMPLEMENTED_ERROR;
  }
-  return MapOEMCryptoResult(
+  return MapOEMCryptoResult(status, GET_SRM_VERSION_ERROR,
-      status, GET_SRM_VERSION_ERROR, "GetCurrentSRMVersion");
+                            "GetCurrentSRMVersion");
 }
 bool CryptoSession::IsSrmUpdateSupported() {
  LOGV("IsSrmUpdateSupported");
  if (!IsInitialized()) return false;
-  return WithOecReadLock("IsSrmUpdateSupported", [&] {
+  return WithOecReadLock("IsSrmUpdateSupported",
-    return OEMCrypto_IsSRMUpdateSupported();
+                         [&] { return OEMCrypto_IsSRMUpdateSupported(); });
  });
 }
 CdmResponseType CryptoSession::LoadSrm(const std::string& srm) {
@@ -1838,8 +1803,8 @@ CdmResponseType CryptoSession::LoadSrm(const std::string& srm) {
  OEMCryptoResult status;
  WithOecWriteLock("LoadSrm", [&] {
-    status = OEMCrypto_LoadSRM(
+    status = OEMCrypto_LoadSRM(reinterpret_cast<const uint8_t*>(srm.data()),
-        reinterpret_cast<const uint8_t*>(srm.data()), srm.size());
+                               srm.size());
  });
  return MapOEMCryptoResult(status, LOAD_SRM_ERROR, "LoadSRM");
@@ -1938,8 +1903,7 @@ uint32_t CryptoSession::IsDecryptHashSupported(SecurityLevel security_level) {
  return secure_decrypt_support;
 }
-CdmResponseType CryptoSession::SetDecryptHash(
+CdmResponseType CryptoSession::SetDecryptHash(uint32_t frame_number,
    uint32_t frame_number,
                                              const std::string& hash) {
  LOGV("SetDecryptHash");
  OEMCryptoResult sts;
@@ -2486,8 +2450,8 @@ CdmResponseType CryptoSession::ShrinkUsageTableHeader(
  size_t usage_table_header_len = 0;
  OEMCryptoResult result;
  WithOecWriteLock("ShrinkUsageTableHeader Attempt 1", [&] {
-    result = OEMCrypto_ShrinkUsageTableHeader(
+    result = OEMCrypto_ShrinkUsageTableHeader(requested_security_level_,
-        requested_security_level_, new_entry_count, NULL,
+                                              new_entry_count, NULL,
                                              &usage_table_header_len);
    metrics_->oemcrypto_shrink_usage_table_header_.Increment(result);
  });
@@ -2522,8 +2486,8 @@ CdmResponseType CryptoSession::MoveUsageEntry(uint32_t new_entry_number) {
    metrics_->oemcrypto_move_entry_.Increment(result);
  });
-  return MapOEMCryptoResult(
+  return MapOEMCryptoResult(result, MOVE_USAGE_ENTRY_UNKNOWN_ERROR,
-      result, MOVE_USAGE_ENTRY_UNKNOWN_ERROR, "MoveUsageEntry");
+                            "MoveUsageEntry");
 }
 bool CryptoSession::CreateOldUsageEntry(
@@ -2592,8 +2556,8 @@ CdmResponseType CryptoSession::CopyOldUsageEntry(
    metrics_->oemcrypto_copy_old_usage_entry_.Increment(result);
  });
-  return MapOEMCryptoResult(
+  return MapOEMCryptoResult(result, COPY_OLD_USAGE_ENTRY_UNKNOWN_ERROR,
-      result, COPY_OLD_USAGE_ENTRY_UNKNOWN_ERROR, "CopyOldUsageEntry");
+                            "CopyOldUsageEntry");
 }
 bool CryptoSession::GetAnalogOutputCapabilities(bool* can_support_output,
--- a/libwvdrmengine/cdm/core/src/device_files.cpp
+++ b/libwvdrmengine/cdm/core/src/device_files.cpp
@@ -5,6 +5,7 @@
 #include "device_files.h"
 #include <string.h>
 #include <string>
 #include "file_store.h"
@@ -31,13 +32,13 @@ using video_widevine_client::sdk::UsageTableInfo;
 using video_widevine_client::sdk::UsageTableInfo_UsageEntryInfo;
 using video_widevine_client::sdk::
    UsageTableInfo_UsageEntryInfo_UsageEntryStorage_LICENSE;
 using video_widevine_client::sdk::
    UsageTableInfo_UsageEntryInfo_UsageEntryStorage_USAGE_INFO;
 using video_widevine_client::sdk::
    UsageTableInfo_UsageEntryInfo_UsageEntryStorage_UNKNOWN;
 using video_widevine_client::sdk::
    UsageTableInfo_UsageEntryInfo_UsageEntryStorage_USAGE_INFO;
 using video_widevine::SignedDrmDeviceCertificate;
 using video_widevine::DrmDeviceCertificate;
 using video_widevine::SignedDrmDeviceCertificate;
 #define RETURN_FALSE_IF_NULL(PARAM) \
  if (PARAM == nullptr) {           \
@@ -107,8 +108,8 @@ bool DeviceFiles::StoreCertificate(const std::string& certificate,
  std::string serialized_file;
  file.SerializeToString(&serialized_file);
-  return
+  return StoreFileWithHash(GetCertificateFileName(), serialized_file) ==
-      StoreFileWithHash(GetCertificateFileName(), serialized_file) == kNoError;
+         kNoError;
 }
 bool DeviceFiles::RetrieveCertificate(std::string* certificate,
@@ -161,7 +162,8 @@ bool DeviceFiles::ExtractDeviceInfo(const std::string& device_certificate,
  SignedDrmDeviceCertificate signed_drm_device_certificate;
  if (!signed_drm_device_certificate.ParseFromString(device_certificate) ||
      !signed_drm_device_certificate.has_drm_certificate()) {
-    LOGE("DeviceFiles::ExtractDeviceInfo: fails parsing signed drm device "
+    LOGE(
        "DeviceFiles::ExtractDeviceInfo: fails parsing signed drm device "
        "certificate.");
    return false;
  }
@@ -170,7 +172,8 @@ bool DeviceFiles::ExtractDeviceInfo(const std::string& device_certificate,
          signed_drm_device_certificate.drm_certificate()) ||
      (drm_device_certificate.type() !=
       video_widevine::DrmDeviceCertificate::DRM_USER_DEVICE)) {
-    LOGE("DeviceFiles::ExtractDeviceInfo: fails parsing drm device "
+    LOGE(
        "DeviceFiles::ExtractDeviceInfo: fails parsing drm device "
        "certificate message.");
    return false;
  }
@@ -209,10 +212,8 @@ bool DeviceFiles::StoreLicense(
    const CdmKeyResponse& license_renewal,
    const std::string& release_server_url, int64_t playback_start_time,
    int64_t last_playback_time, int64_t grace_period_end_time,
-    const CdmAppParameterMap& app_parameters,
+    const CdmAppParameterMap& app_parameters, const CdmUsageEntry& usage_entry,
-    const CdmUsageEntry& usage_entry,
+    const uint32_t usage_entry_number, ResponseType* result) {
    const uint32_t usage_entry_number,
    ResponseType* result) {
  if (result == nullptr) {
    LOGE("DeviceFiles::StoreLicense: |result| not provided");
    return false;
@@ -492,8 +493,7 @@ bool DeviceFiles::StoreUsageInfo(const std::string& provider_session_token,
 }
 bool DeviceFiles::ListUsageIds(
-    const std::string& app_id,
+    const std::string& app_id, std::vector<std::string>* ksids,
    std::vector<std::string>* ksids,
    std::vector<std::string>* provider_session_tokens) {
  if (!initialized_) {
    LOGW("DeviceFiles::ListUsageIds: not initialized");
@@ -718,12 +718,9 @@ bool DeviceFiles::RetrieveUsageInfo(const std::string& usage_info_file_name,
 }
 bool DeviceFiles::RetrieveUsageInfoByKeySetId(
-    const std::string& usage_info_file_name,
+    const std::string& usage_info_file_name, const std::string& key_set_id,
-    const std::string& key_set_id,
+    std::string* provider_session_token, CdmKeyMessage* license_request,
-    std::string* provider_session_token,
+    CdmKeyResponse* license_response, std::string* usage_entry,
    CdmKeyMessage* license_request,
    CdmKeyResponse* license_response,
    std::string* usage_entry,
    uint32_t* usage_entry_number) {
  if (!initialized_) {
    LOGW("DeviceFiles::RetrieveUsageInfoByKeySetId: not initialized");
@@ -798,7 +795,6 @@ bool DeviceFiles::UpdateUsageInfo(const std::string& usage_info_file_name,
    return false;
  }
  if (RetrieveHashedFile(usage_info_file_name, &file) != kNoError) {
    LOGW("DeviceFiles::UpdateUsageInfo: Unable to retrieve file");
    return false;
@@ -818,8 +814,8 @@ bool DeviceFiles::UpdateUsageInfo(const std::string& usage_info_file_name,
      std::string serialized_file;
      file.SerializeToString(&serialized_file);
-      return
+      return StoreFileWithHash(usage_info_file_name, serialized_file) ==
-          StoreFileWithHash(usage_info_file_name, serialized_file) == kNoError;
+             kNoError;
    }
  }
@@ -928,8 +924,7 @@ bool DeviceFiles::ListUsageInfoFiles(
    std::string* name = &filenames[i];
    std::size_t pos_prefix = name->find(kUsageInfoFileNamePrefix);
    std::size_t pos_suffix = name->find(kUsageInfoFileNameExt);
-    if (pos_prefix == std::string::npos ||
+    if (pos_prefix == std::string::npos || pos_suffix == std::string::npos) {
        pos_suffix == std::string::npos) {
      // Skip this file - extension does not match
      continue;
    }
@@ -1080,8 +1075,8 @@ bool DeviceFiles::StoreUsageTableInfo(
  std::string serialized_file;
  file.SerializeToString(&serialized_file);
-  return
+  return StoreFileWithHash(GetUsageTableFileName(), serialized_file) ==
-      StoreFileWithHash(GetUsageTableFileName(), serialized_file) == kNoError;
+         kNoError;
 }
 bool DeviceFiles::RetrieveUsageTableInfo(
@@ -1160,8 +1155,7 @@ bool DeviceFiles::DeleteUsageTableInfo() {
 }
 DeviceFiles::ResponseType DeviceFiles::StoreFileWithHash(
-    const std::string& name,
+    const std::string& name, const std::string& serialized_file) {
    const std::string& serialized_file) {
  std::string hash = Sha256Hash(serialized_file);
  // Fill in hashed file data
@@ -1176,8 +1170,7 @@ DeviceFiles::ResponseType DeviceFiles::StoreFileWithHash(
 }
 DeviceFiles::ResponseType DeviceFiles::StoreFileRaw(
-    const std::string& name,
+    const std::string& name, const std::string& serialized_file) {
    const std::string& serialized_file) {
  std::string path;
  if (!Properties::GetDeviceFilesBasePath(security_level_, &path)) {
    LOGW("DeviceFiles::StoreFileRaw: Unable to get base path");
@@ -1335,9 +1328,7 @@ std::string DeviceFiles::GetCertificateFileName() {
  return kCertificateFileName;
 }
-std::string DeviceFiles::GetUsageTableFileName() {
+std::string DeviceFiles::GetUsageTableFileName() { return kUsageTableFileName; }
  return kUsageTableFileName;
 }
 std::string DeviceFiles::GetHlsAttributesFileNameExtension() {
  return kHlsAttributesFileNameExt;
--- a/libwvdrmengine/cdm/core/src/entitlement_key_session.cpp
+++ b/libwvdrmengine/cdm/core/src/entitlement_key_session.cpp
@@ -8,7 +8,6 @@
 #include "crypto_session.h"
 #include "log.h"
 namespace wvcdm {
 EntitlementKeySession::EntitlementKeySession(CryptoSessionId oec_session_id,
                                             metrics::CryptoMetrics* metrics)
@@ -51,8 +50,8 @@ OEMCryptoResult EntitlementKeySession::SelectKey(const std::string& key_id,
  }
  CryptoKey entitled_content_key = entitled_keys_[key_id];
-  if (current_loaded_content_keys_[entitled_content_key
+  if (current_loaded_content_keys_[entitled_content_key.entitlement_key_id()] !=
-                                        .entitlement_key_id()] != key_id) {
+      key_id) {
    // Before the key can be selected, it must be loaded under its associated
    // entitlement key. This could, in theory, be done ahead of time during
    // LoadEntitledContentKeys(), but OEMCrypto v14 only supports one content
--- a/libwvdrmengine/cdm/core/src/initialization_data.cpp
+++ b/libwvdrmengine/cdm/core/src/initialization_data.cpp
@@ -5,6 +5,7 @@
 #include "initialization_data.h"
 #include <string.h>
 #include <string>
 #include "buffer_reader.h"
@@ -134,7 +135,8 @@ bool InitializationData::SelectWidevinePssh(const CdmInitData& init_data,
      if (!pssh.ParseFromString(pssh_payloads[i])) {
        LOGE(
            "InitializationData::SelectWidevinePssh: Unable to parse PSSH data "
-            "%lu into a protobuf.", i);
+            "%lu into a protobuf.",
            i);
        continue;
      }
      if (pssh.type() == WidevinePsshData_Type_ENTITLED_KEY) {
@@ -164,8 +166,8 @@ bool InitializationData::SelectWidevinePssh(const CdmInitData& init_data,
 // 4 byte size of PSSH data, exclusive. (N)
 // N byte PSSH data.
-bool InitializationData::ExtractWidevinePsshs(
+bool InitializationData::ExtractWidevinePsshs(const CdmInitData& init_data,
-  const CdmInitData& init_data, std::vector<CdmInitData>* psshs) {
+                                              std::vector<CdmInitData>* psshs) {
  if (psshs == NULL) {
    LOGE("InitializationData::ExtractWidevinePsshs: NULL psshs parameter");
    return false;
@@ -173,7 +175,8 @@ bool InitializationData::ExtractWidevinePsshs(
  psshs->clear();
  psshs->reserve(2);  // We expect 1 or 2 Widevine PSSHs
-  const uint8_t* data_start = reinterpret_cast<const uint8_t*>(init_data.data());
+  const uint8_t* data_start =
      reinterpret_cast<const uint8_t*>(init_data.data());
  BufferReader reader(data_start, init_data.length());
  while (!reader.IsEOF()) {
@@ -243,8 +246,9 @@ bool InitializationData::ExtractWidevinePsshs(
 // Checks if the given reader contains a Widevine PSSH. If so, it extracts the
 // data from the box. Returns true if a PSSH was extracted, false if there was
 // an error or if the data is not a Widevine PSSH.
-bool InitializationData::ExtractWidevinePsshData(
+bool InitializationData::ExtractWidevinePsshData(const uint8_t* data,
-    const uint8_t* data, size_t length, CdmInitData* output) {
+                                                 size_t length,
                                                 CdmInitData* output) {
  BufferReader reader(data, length);
  // Read the 32-bit size only so we can check if we need to expect a 64-bit
@@ -267,8 +271,7 @@ bool InitializationData::ExtractWidevinePsshData(
    return false;
  }
  if (memcmp(&atom_type[0], "pssh", 4) != 0) {
-    LOGV(
+    LOGV("InitializationData::ExtractWidevinePsshData: Atom type is not PSSH.");
        "InitializationData::ExtractWidevinePsshData: Atom type is not PSSH.");
    return false;
  }
@@ -313,9 +316,8 @@ bool InitializationData::ExtractWidevinePsshData(
        "system ID.");
    return false;
  }
-  if (memcmp(&system_id[0],
+  if (memcmp(&system_id[0], kWidevineSystemId, sizeof(kWidevineSystemId)) !=
-             kWidevineSystemId,
+      0) {
             sizeof(kWidevineSystemId)) != 0) {
    LOGV(
        "InitializationData::ExtractWidevinePsshData: Found a non-Widevine "
        "PSSH.");
--- a/libwvdrmengine/cdm/core/src/license.cpp
+++ b/libwvdrmengine/cdm/core/src/license.cpp
@@ -411,9 +411,8 @@ CdmResponseType CdmLicense::PrepareKeyUpdateRequest(
  license_request.set_request_time(clock_->GetCurrentTime());
  if (renew_with_client_id_) {
-    CdmResponseType status =
+    CdmResponseType status = PrepareClientId(
-        PrepareClientId(app_parameters, provider_client_token_,
+        app_parameters, provider_client_token_, &license_request);
                        &license_request);
    if (NO_ERROR != status) return status;
  }
@@ -567,9 +566,8 @@ CdmResponseType CdmLicense::HandleKeyResponse(
    LOGE("CdmLicense::HandleKeyResponse: no session keys present");
    return SESSION_KEYS_NOT_FOUND;
  }
-  CdmResponseType status =
+  CdmResponseType status = crypto_session_->GenerateDerivedKeys(
-      crypto_session_->GenerateDerivedKeys(key_request_,
+      key_request_, signed_response.session_key());
                                           signed_response.session_key());
  if (status != NO_ERROR) return status;
@@ -726,10 +724,9 @@ CdmResponseType CdmLicense::HandleKeyUpdateResponse(
  std::vector<CryptoKey> key_array = ExtractContentKeys(license);
-  CdmResponseType status =
+  CdmResponseType status = crypto_session_->RefreshKeys(
-      crypto_session_->RefreshKeys(signed_response.msg(),
+      signed_response.msg(), signed_response.signature(), key_array.size(),
-                                   signed_response.signature(),
+      &key_array[0]);
                                   key_array.size(), &key_array[0]);
  if (status == KEY_ADDED) {
    policy_engine_->UpdateLicense(license);
@@ -983,8 +980,7 @@ CdmResponseType CdmLicense::HandleKeyErrorResponse(
 CdmResponseType CdmLicense::PrepareClientId(
    const CdmAppParameterMap& app_parameters,
-    const std::string& provider_client_token,
+    const std::string& provider_client_token, LicenseRequest* license_request) {
    LicenseRequest* license_request) {
  wvcdm::ClientIdentification id;
  CdmResponseType status = id.Init(client_token_, device_id_, crypto_session_);
  if (status != NO_ERROR) return status;
--- a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
+++ b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
@@ -9,7 +9,9 @@
 // oemcrypto_adapter_static.cpp, but not both.
 //
 // clang-format off
 #include "oemcrypto_adapter.h"
 // clang-format on
 #include <dlfcn.h>
 #include <stdio.h>
@@ -34,8 +36,8 @@
 #include "wv_cdm_constants.h"
 using namespace wvoec3;
 using wvcdm::kLevelDefault;
 using wvcdm::kLevel3;
 using wvcdm::kLevelDefault;
 namespace {
@@ -130,10 +132,9 @@ typedef OEMCryptoResult (*L1_DecryptCENC_t)(
    bool is_encrypted, const uint8_t* iv, size_t offset,
    OEMCrypto_DestBufferDesc* out_buffer,
    const OEMCrypto_CENCEncryptPatternDesc* pattern, uint8_t subsample_flags);
-typedef OEMCryptoResult (*L1_CopyBuffer_V14_t)(const uint8_t* data_addr,
+typedef OEMCryptoResult (*L1_CopyBuffer_V14_t)(
-                                           size_t data_length,
+    const uint8_t* data_addr, size_t data_length,
-                                           OEMCrypto_DestBufferDesc* out_buffer,
+    OEMCrypto_DestBufferDesc* out_buffer, uint8_t subsample_flags);
                                           uint8_t subsample_flags);
 typedef OEMCryptoResult (*L1_CopyBuffer_t)(OEMCrypto_SESSION session,
                                           const uint8_t* data_addr,
                                           size_t data_length,
@@ -213,8 +214,7 @@ typedef OEMCryptoResult (*L1_DeactivateUsageEntry_V12_t)(const uint8_t* pst,
                                                         size_t pst_length);
 typedef OEMCryptoResult (*L1_ReportUsage_t)(OEMCrypto_SESSION session,
                                            const uint8_t* pst,
-                                            size_t pst_length,
+                                            size_t pst_length, uint8_t* buffer,
                                            uint8_t* buffer,
                                            size_t* buffer_length);
 typedef OEMCryptoResult (*L1_DeleteUsageEntry_t)(
    OEMCrypto_SESSION session, const uint8_t* pst, size_t pst_length,
@@ -225,18 +225,13 @@ typedef OEMCryptoResult (*L1_ForceDeleteUsageEntry_t)(const uint8_t* pst,
 typedef OEMCryptoResult (*L1_DeleteOldUsageTable_t)();
 typedef OEMCrypto_ProvisioningMethod (*L1_GetProvisioningMethod_t)();
 typedef OEMCryptoResult (*L1_GetOEMPublicCertificate_t)(
-                                  OEMCrypto_SESSION session,
+    OEMCrypto_SESSION session, uint8_t* public_cert,
                                  uint8_t *public_cert,
    size_t* public_cert_length);
 typedef OEMCryptoResult (*L1_RewrapDeviceRSAKey30_t)(
-                               OEMCrypto_SESSION session,
+    OEMCrypto_SESSION session, const uint32_t* nonce,
-                               const uint32_t *nonce,
+    const uint8_t* encrypted_message_key, size_t encrypted_message_key_length,
-                               const uint8_t* encrypted_message_key,
+    const uint8_t* enc_rsa_key, size_t enc_rsa_key_length,
-                               size_t encrypted_message_key_length,
+    const uint8_t* enc_rsa_key_iv, uint8_t* wrapped_rsa_key,
                               const uint8_t* enc_rsa_key,
                               size_t enc_rsa_key_length,
                               const uint8_t* enc_rsa_key_iv,
                               uint8_t* wrapped_rsa_key,
    size_t* wrapped_rsa_key_length);
 typedef uint32_t (*L1_SupportedCertificates_t)();
 typedef bool (*L1_IsSRMUpdateSupported_t)();
@@ -263,8 +258,7 @@ typedef OEMCryptoResult (*L1_DeactivateUsageEntry_t)(OEMCrypto_SESSION session,
                                                     const uint8_t* pst,
                                                     size_t pst_length);
 typedef OEMCryptoResult (*L1_ShrinkUsageTableHeader_t)(
-    uint32_t new_table_size,
+    uint32_t new_table_size, uint8_t* header_buffer,
    uint8_t* header_buffer,
    size_t* header_buffer_length);
 typedef OEMCryptoResult (*L1_MoveEntry_t)(OEMCrypto_SESSION session,
                                          uint32_t new_index);
@@ -575,8 +569,7 @@ struct LevelSession {
  if ((level1_.version >= min) && (level1_.version <= max)) {              \
    level1_.Name = (L1_##Name##_t)dlsym(level1_library_, QUOTE(Function)); \
    if (!level1_.Name) {                                                   \
-      LOGW("Could not load L1 %s. Falling Back to L3.",                 \
+      LOGW("Could not load L1 %s. Falling Back to L3.", QUOTE(Function));  \
           QUOTE(Function));                                            \
      if (level1_.Terminate) level1_.Terminate();                          \
      return false;                                                        \
    }                                                                      \
@@ -587,7 +580,6 @@ struct LevelSession {
 #define LOOKUP_ALL(min, Name, Function) \
  LOOKUP(min, kMaximumVersion, Name, Function)
 // The Adapter keeps a block of FunctionPointers for the built-in level 3 and
 // the dynamically loaded level 1 oemcrypto.  When initialized, it tries to load
 // the level 1 library and verifies that all needed functions are present.  If
@@ -611,8 +603,7 @@ class Adapter {
    }
  }
-  void SetSandbox(const uint8_t* sandbox_id,
+  void SetSandbox(const uint8_t* sandbox_id, size_t sandbox_id_length) {
                  size_t sandbox_id_length) {
    sandbox_id_.assign(sandbox_id, sandbox_id + sandbox_id_length);
  }
@@ -700,8 +691,8 @@ class Adapter {
      return false;
    }
    if (!sandbox_id_.empty()) {
-      level1_.SetSandbox = (L1_SetSandbox_t)dlsym(level1_library_,
+      level1_.SetSandbox =
-                                                  QUOTE(OEMCrypto_SetSandbox));
+          (L1_SetSandbox_t)dlsym(level1_library_, QUOTE(OEMCrypto_SetSandbox));
      if (level1_.SetSandbox != NULL) {
        level1_.SetSandbox(&sandbox_id_[0], sandbox_id_.size());
      }
@@ -872,8 +863,7 @@ class Adapter {
    if (level1_.IsKeyboxOrOEMCertValid() != OEMCrypto_SUCCESS) {
      // A keybox or cert file was read and installed, but it is still not
      // valid. Give up.
-      LOGE("Installed bad key from %s. Falling Back to L3.",
+      LOGE("Installed bad key from %s. Falling Back to L3.", filename.c_str());
           filename.c_str());
      level1_.Terminate();
      metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
          wvcdm::metrics::
@@ -1298,7 +1288,6 @@ extern "C" OEMCryptoResult OEMCrypto_SetSandbox(const uint8_t* sandbox_id,
  return OEMCrypto_SUCCESS;
 }
 extern "C" OEMCryptoResult OEMCrypto_Initialize(void) {
  if (!gAdapter.get()) {
    gAdapter.reset(new Adapter());
@@ -1768,10 +1757,9 @@ extern "C" OEMCryptoResult OEMCrypto_QueryKeyControl(
                                   key_control_block, key_control_block_length);
 }
-extern "C" OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session,
+extern "C" OEMCryptoResult OEMCrypto_SelectKey(
-                                               const uint8_t* key_id,
+    const OEMCrypto_SESSION session, const uint8_t* key_id,
-                                               size_t key_id_length,
+    size_t key_id_length, OEMCryptoCipherMode cipher_mode) {
                                               OEMCryptoCipherMode cipher_mode) {
  if (!gAdapter.get()) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
  LevelSession pair = gAdapter->GetSession(session);
  if (!pair.fcn) return OEMCrypto_ERROR_INVALID_SESSION;
@@ -1838,8 +1826,8 @@ extern "C" OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t* keybox,
                         wrappedKeyBoxLength, transportKey, transportKeyLength);
 }
-extern "C" OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(const uint8_t* keybox,
+extern "C" OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(
-                                                   size_t keyBoxLength) {
+    const uint8_t* keybox, size_t keyBoxLength) {
  return OEMCrypto_InstallKeyboxOrOEMCert(keybox, keyBoxLength, kLevelDefault);
 }
@@ -1898,14 +1886,10 @@ extern "C" OEMCryptoResult OEMCrypto_GetRandom(uint8_t* randomData,
 }
 extern "C" OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey30(
-                               OEMCrypto_SESSION session,
+    OEMCrypto_SESSION session, const uint32_t* nonce,
-                               const uint32_t *nonce,
+    const uint8_t* encrypted_message_key, size_t encrypted_message_key_length,
-                               const uint8_t* encrypted_message_key,
+    const uint8_t* enc_rsa_key, size_t enc_rsa_key_length,
-                               size_t encrypted_message_key_length,
+    const uint8_t* enc_rsa_key_iv, uint8_t* wrapped_rsa_key,
                               const uint8_t* enc_rsa_key,
                               size_t enc_rsa_key_length,
                               const uint8_t* enc_rsa_key_iv,
                               uint8_t* wrapped_rsa_key,
    size_t* wrapped_rsa_key_length) {
  if (!gAdapter.get()) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
  LevelSession pair = gAdapter->GetSession(session);
@@ -1913,11 +1897,9 @@ extern "C" OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey30(
  if (pair.fcn->version < 12) return OEMCrypto_ERROR_NOT_IMPLEMENTED;
  if (pair.fcn->RewrapDeviceRSAKey30 == NULL)
    return OEMCrypto_ERROR_NOT_IMPLEMENTED;
-  return pair.fcn->RewrapDeviceRSAKey30(pair.session, nonce,
+  return pair.fcn->RewrapDeviceRSAKey30(
-                                        encrypted_message_key,
+      pair.session, nonce, encrypted_message_key, encrypted_message_key_length,
-                                        encrypted_message_key_length,
+      enc_rsa_key, enc_rsa_key_length, enc_rsa_key_iv, wrapped_rsa_key,
                                        enc_rsa_key, enc_rsa_key_length,
                                        enc_rsa_key_iv, wrapped_rsa_key,
      wrapped_rsa_key_length);
 }
@@ -2231,8 +2213,8 @@ extern "C" OEMCryptoResult OEMCrypto_DeleteOldUsageTable() {
  if (fcn3 && (fcn3->version > 8) && (fcn3->DeleteOldUsageTable != NULL)) {
    sts = fcn3->DeleteOldUsageTable();
  }
-  if (fcn1 && fcn1 != fcn3 &&
+  if (fcn1 && fcn1 != fcn3 && (fcn1->version > 8) &&
-      (fcn1->version > 8) && (fcn1->DeleteOldUsageTable != NULL)) {
+      (fcn1->DeleteOldUsageTable != NULL)) {
    sts = fcn1->DeleteOldUsageTable();
  }
  return sts;
@@ -2381,11 +2363,12 @@ extern "C" OEMCryptoResult OEMCrypto_SetDecryptHash(OEMCrypto_SESSION session,
  if (pair.fcn->SetDecryptHash == NULL) {
    return OEMCrypto_ERROR_NOT_IMPLEMENTED;
  }
-  return pair.fcn->SetDecryptHash(pair.session, frame_number, hash, hash_length);
+  return pair.fcn->SetDecryptHash(pair.session, frame_number, hash,
                                  hash_length);
 }
-extern "C" OEMCryptoResult OEMCrypto_GetHashErrorCode(OEMCrypto_SESSION session,
+extern "C" OEMCryptoResult OEMCrypto_GetHashErrorCode(
-                                           uint32_t* failed_frame_number) {
+    OEMCrypto_SESSION session, uint32_t* failed_frame_number) {
  if (!gAdapter.get()) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
  LevelSession pair = gAdapter->GetSession(session);
  if (!pair.fcn) return OEMCrypto_ERROR_INVALID_SESSION;
--- a/libwvdrmengine/cdm/core/src/policy_engine.cpp
+++ b/libwvdrmengine/cdm/core/src/policy_engine.cpp
@@ -5,6 +5,7 @@
 #include "policy_engine.h"
 #include <limits.h>
 #include <string>
 #include "clock.h"
@@ -253,8 +254,7 @@ bool PolicyEngine::BeginDecryption() {
      default:
        return false;
    }
-  }
+  } else {
  else {
    return true;
  }
 }
--- a/libwvdrmengine/cdm/core/src/privacy_crypto_boringssl.cpp
+++ b/libwvdrmengine/cdm/core/src/privacy_crypto_boringssl.cpp
@@ -7,7 +7,9 @@
 //   for signature verification and encryption and decryption.
 //
 // clang-format off
 #include "privacy_crypto.h"
 // clang-format on
 #include <openssl/aes.h>
 #include <openssl/asn1.h>
@@ -224,9 +226,10 @@ bool RsaPublicKey::Encrypt(const std::string& clear_message,
  return true;
 }
-// LogBoringSSLError is a callback from BoringSSL which is called with each error
+// LogBoringSSLError is a callback from BoringSSL which is called with each
-// in the thread's error queue.
+// error in the thread's error queue.
-static int LogBoringSSLError(const char* msg, size_t /* len */, void* /* ctx */) {
+static int LogBoringSSLError(const char* msg, size_t /* len */,
                             void* /* ctx */) {
  LOGE("  %s", msg);
  return 1;
 }
@@ -242,8 +245,8 @@ static bool VerifyPSSSignature(EVP_PKEY *pkey, const std::string &message,
    goto err;
  }
-  if (EVP_PKEY_CTX_set_signature_md(pctx,
+  if (EVP_PKEY_CTX_set_signature_md(pctx, const_cast<EVP_MD*>(EVP_sha1())) !=
-                                    const_cast<EVP_MD *>(EVP_sha1())) != 1) {
+      1) {
    LOGE("EVP_PKEY_CTX_set_signature_md failed in VerifyPSSSignature");
    goto err;
  }
@@ -264,7 +267,8 @@ static bool VerifyPSSSignature(EVP_PKEY *pkey, const std::string &message,
  }
  if (EVP_DigestVerifyFinal(
-          evp_md_ctx, const_cast<uint8_t *>(
+          evp_md_ctx,
          const_cast<uint8_t*>(
              reinterpret_cast<const uint8_t*>(signature.data())),
          signature.size()) != 1) {
    LOGE(
@@ -322,7 +326,6 @@ bool RsaPublicKey::VerifySignature(const std::string& message,
  return true;
 }
 bool ExtractExtensionValueFromCertificate(const std::string& cert,
                                          const std::string& extension_oid,
                                          size_t cert_index, uint32_t* value) {
@@ -330,7 +333,8 @@ bool ExtractExtensionValueFromCertificate(const std::string& cert,
  const boringssl_ptr<STACK_OF(X509), DeleteX509Stack> x509_stack(
      sk_X509_new_null());
  if (x509_stack.get() == NULL) {
-    LOGE("ExtractExtensionValueFromCertificate: "
+    LOGE(
        "ExtractExtensionValueFromCertificate: "
        "Unable to allocate X509 Stack.");
    return false;
  }
@@ -338,7 +342,8 @@ bool ExtractExtensionValueFromCertificate(const std::string& cert,
  CBS pkcs7;
  CBS_init(&pkcs7, reinterpret_cast<const uint8_t*>(cert.data()), cert.size());
  if (!PKCS7_get_certificates(x509_stack.get(), &pkcs7)) {
-    LOGE("ExtractExtensionValueFromCertificate: "
+    LOGE(
        "ExtractExtensionValueFromCertificate: "
        "Error getting certificate chain.");
    return false;
  }
@@ -347,7 +352,8 @@ bool ExtractExtensionValueFromCertificate(const std::string& cert,
  // Find the desired certificate from the stack.
  if (sk_X509_num(certs) <= cert_index) {
-    LOGE("ExtractExtensionValueFromCertificate: "
+    LOGE(
        "ExtractExtensionValueFromCertificate: "
        "Expected at least %zu certificates in chain, got %d",
        cert_index + 1, sk_X509_num(certs));
    return false;
@@ -355,7 +361,8 @@ bool ExtractExtensionValueFromCertificate(const std::string& cert,
  X509* const intermediate_cert = sk_X509_value(certs, cert_index);
  if (!intermediate_cert) {
-    LOGE("ExtractExtensionValueFromCertificate: "
+    LOGE(
        "ExtractExtensionValueFromCertificate: "
        "Unable to get intermediate cert.");
    return false;
  }
@@ -365,8 +372,10 @@ bool ExtractExtensionValueFromCertificate(const std::string& cert,
  for (int i = 0; i < extension_count; ++i) {
    X509_EXTENSION* const extension = X509_get_ext(intermediate_cert, i);
    if (!extension) {
-      LOGE("ExtractExtensionValueFromCertificate: "
+      LOGE(
-           "Unable to get cert extension %d", i);
+          "ExtractExtensionValueFromCertificate: "
          "Unable to get cert extension %d",
          i);
      continue;
    }
@@ -378,14 +387,16 @@ bool ExtractExtensionValueFromCertificate(const std::string& cert,
    ASN1_OCTET_STRING* const octet_str = X509_EXTENSION_get_data(extension);
    if (!octet_str) {
-      LOGE("ExtractExtensionValueFromCertificate: "
+      LOGE(
          "ExtractExtensionValueFromCertificate: "
          "Unable to get data of extension.");
      return false;
    }
    const unsigned char* data = octet_str->data;
    if (!data) {
-      LOGE("ExtractExtensionValueFromCertificate: "
+      LOGE(
          "ExtractExtensionValueFromCertificate: "
          "Null data in extension.");
      return false;
    }
@@ -393,7 +404,8 @@ bool ExtractExtensionValueFromCertificate(const std::string& cert,
    ASN1_INTEGER* const asn1_integer =
        d2i_ASN1_INTEGER(NULL, &data, octet_str->length);
    if (!asn1_integer) {
-      LOGE("ExtractExtensionValueFromCertificate: "
+      LOGE(
          "ExtractExtensionValueFromCertificate: "
          "Unable to decode data in extension.");
      return false;
    }
@@ -401,7 +413,8 @@ bool ExtractExtensionValueFromCertificate(const std::string& cert,
    const long system_id_long = ASN1_INTEGER_get(asn1_integer);
    ASN1_INTEGER_free(asn1_integer);
    if (system_id_long == -1) {
-      LOGE("ExtractExtensionValueFromCertificate: "
+      LOGE(
          "ExtractExtensionValueFromCertificate: "
          "Unable to decode ASN integer in extension.");
      return false;
    }
--- a/libwvdrmengine/cdm/core/src/privacy_crypto_dummy.cpp
+++ b/libwvdrmengine/cdm/core/src/privacy_crypto_dummy.cpp
@@ -7,9 +7,8 @@
 //   can't tolerate BoringSSL or OpenSSL as a dependency.
 //
 #include "privacy_crypto.h"
 #include "log.h"
 #include "privacy_crypto.h"
 #ifdef __APPLE__
 #include <CommonCrypto/CommonDigest.h>
@@ -50,7 +49,6 @@ bool RsaPublicKey::VerifySignature(const std::string& message,
  return false;
 }
 bool ExtractExtensionValueFromCertificate(const std::string& cert,
                                          const std::string& extension_oid,
                                          size_t cert_index, uint32_t* value) {
--- a/libwvdrmengine/cdm/core/src/properties.cpp
+++ b/libwvdrmengine/cdm/core/src/properties.cpp
@@ -2,8 +2,9 @@
 // source code may only be used and distributed under the Widevine Master
 // License Agreement.
 #include "log.h"
 #include "properties.h"
 #include "log.h"
 #include "wv_cdm_constants.h"
 namespace {
@@ -20,15 +21,15 @@ bool Properties::provisioning_messages_are_binary_;
 bool Properties::allow_service_certificate_requests_;
 std::unique_ptr<CdmClientPropertySetMap> Properties::session_property_set_;
-bool Properties::AddSessionPropertySet(
+bool Properties::AddSessionPropertySet(const CdmSessionId& session_id,
-    const CdmSessionId& session_id, CdmClientPropertySet* property_set) {
+                                       CdmClientPropertySet* property_set) {
  if (NULL == session_property_set_.get()) {
    return false;
  }
  std::pair<CdmClientPropertySetMap::iterator, bool> result =
      session_property_set_->insert(
-          std::pair<const CdmSessionId, CdmClientPropertySet*>(
+          std::pair<const CdmSessionId, CdmClientPropertySet*>(session_id,
-              session_id, property_set));
+                                                               property_set));
  return result.second;
 }
@@ -75,8 +76,7 @@ bool Properties::GetServiceCertificate(const CdmSessionId& session_id,
 bool Properties::SetServiceCertificate(const CdmSessionId& session_id,
                                       const std::string& service_certificate) {
-  CdmClientPropertySet* property_set =
+  CdmClientPropertySet* property_set = GetCdmClientPropertySet(session_id);
      GetCdmClientPropertySet(session_id);
  if (property_set == NULL) {
    return false;
  }
--- a/libwvdrmengine/cdm/core/src/service_certificate.cpp
+++ b/libwvdrmengine/cdm/core/src/service_certificate.cpp
@@ -16,6 +16,8 @@ namespace {
 // Root certificate for all Google/Widevine certificates.  I.e. all service
 // certificates and DRM certificates are signed by this cert, or have this cert
 // as the root of a signing chain.
 // clang-format off
 static const unsigned char kRootCertForProd[] = {
  0x0a, 0x9c, 0x03, 0x08, 0x00, 0x12, 0x01, 0x00,
  0x18, 0xdd, 0x94, 0x88, 0x8b, 0x05, 0x22, 0x8e,
@@ -119,6 +121,7 @@ static const unsigned char kRootCertForProd[] = {
  0xa2, 0xe6, 0x80, 0x74, 0x55, 0x06, 0x49, 0xd5,
  0x02, 0x0c
 };
 // clang-format on
 }  // namespace
@@ -228,23 +231,22 @@ CdmResponseType ServiceCertificate::EncryptClientId(
  std::string iv(KEY_IV_SIZE, 0);
  std::string key(SERVICE_KEY_SIZE, 0);
-  CdmResponseType status =
+  CdmResponseType status = crypto_session->GetRandom(
-      crypto_session->GetRandom(key.size(),
+      key.size(), reinterpret_cast<uint8_t*>(&key[0]));
                                reinterpret_cast<uint8_t*>(&key[0]));
  if (status != NO_ERROR) {
    LOGE("ServiceCertificate::EncryptClientId: GetRandom error: %d", status);
-    return status == RANDOM_GENERATION_ERROR ?
+    return status == RANDOM_GENERATION_ERROR ? CLIENT_ID_GENERATE_RANDOM_ERROR
-        CLIENT_ID_GENERATE_RANDOM_ERROR : status;
+                                             : status;
  }
-  status = crypto_session->GetRandom(iv.size(),
+  status =
-                                     reinterpret_cast<uint8_t*>(&iv[0]));
+      crypto_session->GetRandom(iv.size(), reinterpret_cast<uint8_t*>(&iv[0]));
  if (status != NO_ERROR) {
    LOGE("ServiceCertificate::EncryptClientId: GetRandom error: %d", status);
-    return status == RANDOM_GENERATION_ERROR ?
+    return status == RANDOM_GENERATION_ERROR ? CLIENT_ID_GENERATE_RANDOM_ERROR
-        CLIENT_ID_GENERATE_RANDOM_ERROR : status;
+                                             : status;
  }
  std::string id, enc_id, enc_key;
  clear_client_id->SerializeToString(&id);
@@ -254,8 +256,7 @@ CdmResponseType ServiceCertificate::EncryptClientId(
  if (!aes.Encrypt(id, &enc_id, &iv)) return CLIENT_ID_AES_ENCRYPT_ERROR;
  CdmResponseType encrypt_result = EncryptRsaOaep(key, &enc_key);
-  if (encrypt_result != NO_ERROR)
+  if (encrypt_result != NO_ERROR) return encrypt_result;
    return encrypt_result;
  encrypted_client_id->set_encrypted_client_id_iv(iv);
  encrypted_client_id->set_encrypted_privacy_key(enc_key);
@@ -274,8 +275,8 @@ bool ServiceCertificate::GetRequest(CdmKeyMessage* request) {
  return true;
 }
-CdmResponseType ServiceCertificate::ParseResponse(
+CdmResponseType ServiceCertificate::ParseResponse(const std::string& response,
-    const std::string& response, std::string* certificate) {
+                                                  std::string* certificate) {
  if (response.empty()) {
    LOGE("ServiceCertificate::ParseResponse: empty response");
    return EMPTY_RESPONSE_ERROR_1;
@@ -312,6 +313,4 @@ CdmResponseType ServiceCertificate::ParseResponse(
  return NO_ERROR;
 }
 }  // namespace wvcdm
--- a/libwvdrmengine/cdm/core/src/usage_table_header.cpp
+++ b/libwvdrmengine/cdm/core/src/usage_table_header.cpp
@@ -21,7 +21,7 @@ std::string kOldUsageEntryServerMacKey(wvcdm::MAC_KEY_SIZE, 0);
 std::string kOldUsageEntryClientMacKey(wvcdm::MAC_KEY_SIZE, 0);
 std::string kOldUsageEntryPoviderSessionToken =
    "nahZ6achSheiqua3TohQuei0ahwohv";
-}
+}  // namespace
 namespace wvcdm {
@@ -93,17 +93,17 @@ bool UsageTableHeader::Init(CdmSecurityLevel security_level,
          result = local_crypto_session->Open(requested_security_level_);
          if (result == NO_ERROR) {
-            result = AddEntry(local_crypto_session, true,
+            result = AddEntry(local_crypto_session, true, kDummyKeySetId,
-                              kDummyKeySetId, kEmptyString,
+                              kEmptyString, &temporary_usage_entry_number);
                              &temporary_usage_entry_number);
          }
        }
        if (result == NO_ERROR) {
-          result = DeleteEntry(temporary_usage_entry_number,
+          result = DeleteEntry(temporary_usage_entry_number, file_handle_.get(),
-                               file_handle_.get(), metrics);
+                               metrics);
        }
        if (result != NO_ERROR) {
-          LOGE("UsageTableHeader::Init: Unable to create/delete new entry. "
+          LOGE(
              "UsageTableHeader::Init: Unable to create/delete new entry. "
              "Clear usage entries, security level: %d, usage entries: %d",
              security_level, usage_entry_info_.size());
          status = result;
@@ -150,12 +150,10 @@ CdmResponseType UsageTableHeader::AddEntry(
  // If usage entry creation fails due to insufficient resources, release a
  // random entry and try again.
-  for (uint32_t retry_count = 0;
+  for (uint32_t retry_count = 0; retry_count < kMaxCryptoRetries &&
       retry_count < kMaxCryptoRetries &&
                                 status == INSUFFICIENT_CRYPTO_RESOURCES_3;
       ++retry_count) {
-    int64_t entry_number_to_delete =
+    int64_t entry_number_to_delete = GetRandomInRange(usage_entry_info_.size());
        GetRandomInRange(usage_entry_info_.size());
    if (entry_number_to_delete < 0) break;
    DeleteEntry(entry_number_to_delete, file_handle_.get(), metrics);
@@ -222,8 +220,7 @@ CdmResponseType UsageTableHeader::LoadEntry(CryptoSession* crypto_session,
  // If loading a usage entry fails due to insufficient resources, release a
  // random entry different from |usage_entry_number| and try again. If there
  // are no more entries to release, we fail.
-  for (uint32_t retry_count = 0;
+  for (uint32_t retry_count = 0; retry_count < kMaxCryptoRetries &&
       retry_count < kMaxCryptoRetries &&
                                 status == INSUFFICIENT_CRYPTO_RESOURCES_3;
       ++retry_count) {
    // Get a random entry from the other entries.
@@ -257,8 +254,10 @@ CdmResponseType UsageTableHeader::DeleteEntry(uint32_t usage_entry_number,
       usage_entry_number);
  std::unique_lock<std::mutex> auto_lock(usage_table_header_lock_);
  if (usage_entry_number >= usage_entry_info_.size()) {
-    LOGE("UsageTableHeader::DeleteEntry: usage entry number %d larger than "
+    LOGE(
-         "usage entry size %d", usage_entry_number, usage_entry_info_.size());
+        "UsageTableHeader::DeleteEntry: usage entry number %d larger than "
        "usage entry size %d",
        usage_entry_number, usage_entry_info_.size());
    return USAGE_INVALID_PARAMETERS_1;
  }
@@ -510,8 +509,8 @@ CdmResponseType UsageTableHeader::Shrink(
  if (usage_entry_info_.size() < number_of_usage_entries_to_delete) {
    LOGW(
        "UsageTableHeader::Shrink: cannot delete %d entries when usage entry "
-        "table size is %d", number_of_usage_entries_to_delete,
+        "table size is %d",
-        usage_entry_info_.size());
+        number_of_usage_entries_to_delete, usage_entry_info_.size());
    return NO_ERROR;
  }
@@ -581,7 +580,8 @@ bool UsageTableHeader::UpgradeLicensesFromUsageTable(
            &usage_entry_number, &sub_error_code)) {
      LOGW(
          "UsageTableHeader::UpgradeLicensesFromUsageTable: Failed to "
-          "retrieve license, %d", sub_error_code);
+          "retrieve license, %d",
          sub_error_code);
      continue;
    }
@@ -634,7 +634,8 @@ bool UsageTableHeader::UpgradeLicensesFromUsageTable(
            app_parameters, usage_entry, usage_entry_number, &sub_error_code)) {
      LOGE(
          "UsageTableHeader::UpgradeLicensesFromUsageTable: Failed to store "
-          "license, %d", sub_error_code);
+          "license, %d",
          sub_error_code);
      continue;
    }
  }
@@ -737,8 +738,7 @@ int64_t UsageTableHeader::GetRandomInRange(size_t upper_bound_exclusive) {
 int64_t UsageTableHeader::GetRandomInRangeWithExclusion(
    size_t upper_bound_exclusive, size_t exclude) {
-  if ((upper_bound_exclusive <= 1) ||
+  if ((upper_bound_exclusive <= 1) || (exclude >= upper_bound_exclusive)) {
      (exclude >= upper_bound_exclusive)) {
    LOGE(
        "upper_bound_exclusive must be > 1 and exclude must be < "
        "upper_bound_exclusive.");
@@ -753,12 +753,9 @@ int64_t UsageTableHeader::GetRandomInRangeWithExclusion(
 bool UsageTableHeader::CreateDummyOldUsageEntry(CryptoSession* crypto_session) {
  return crypto_session->CreateOldUsageEntry(
      kOldUsageEntryTimeSinceLicenseReceived,
-             kOldUsageEntryTimeSinceFirstDecrypt,
+      kOldUsageEntryTimeSinceFirstDecrypt, kOldUsageEntryTimeSinceLastDecrypt,
-             kOldUsageEntryTimeSinceLastDecrypt,
+      CryptoSession::kUsageDurationsInvalid, kOldUsageEntryServerMacKey,
-             CryptoSession::kUsageDurationsInvalid,
+      kOldUsageEntryClientMacKey, kOldUsageEntryPoviderSessionToken);
             kOldUsageEntryServerMacKey,
             kOldUsageEntryClientMacKey,
             kOldUsageEntryPoviderSessionToken);
 }
 // Test only method.
@@ -766,9 +763,10 @@ void UsageTableHeader::DeleteEntryForTest(uint32_t usage_entry_number) {
  LOGV("UsageTableHeader::DeleteEntryForTest: usage_entry_number: %d",
       usage_entry_number);
  if (usage_entry_number >= usage_entry_info_.size()) {
-    LOGE("UsageTableHeader::DeleteEntryForTest: usage entry number %d larger "
+    LOGE(
-         "than usage entry size %d", usage_entry_number,
+        "UsageTableHeader::DeleteEntryForTest: usage entry number %d larger "
-         usage_entry_info_.size());
+        "than usage entry size %d",
        usage_entry_number, usage_entry_info_.size());
    return;
  }
  // Move last entry into deleted location and shrink usage entries