Merge "Bump version to 19.1.0 and update OPK changelog" into main

libwvdrmengine/oemcrypto/CHANGELOG.md

@@ -2,6 +2,54 @@
 
 [TOC]
 
+## [Version 19.1][v19.1]
+
+This is a minor release that includes a few security fixes and bug fixes.
+
+General
+
+- Change OEMCrypto_FreeSecureBuffer() |output_descriptor| parameter to be
+[in,out] type.
+- Use strlen() instead of sizeof() to get the length of BUILD_INFO.
+- Add OEMCrypto_GetEmbeddedDrmCertificate() definition to OPK, with
+OEMCrypto_ERROR_NOT_IMPLEMENTED.
+- Remove default.h include file from wtpi_config, which was causing a mismatch
+between reported config values and actual config values.
+- Remove extra is_debug field and trailing comma from BuildInformation.
+- Reduce trusted clock skew on restarts in wtpi_reference implementation.
+- Remove -Wno-unused-parameter cflag.
+- Increase transport buffer size from 32K to 34K to accommodate larger buffer
+requirements from OEMCrypto_LoadProvisioning
+- Fix BCC payload item count in wtpi_reference
+- Add WTPI_DeriveNewAsymmetricKeyHandle() and
+WTPI_CreateUDSDerivedAsymmetricKeyHandle() to wtpi_provisioning_4_interface.h.
+These implementations are only required if you are using
+wtpi_reference/wtpi_provisioning_4.c.
+
+OPK serialization layer
+
+- Avoid writing any value to output parameters if the OEMCryptoResult is not
+OEMCrypto_SUCCESS. (Applies to [out] type only. Not [in] or [in,out]). This
+avoids subtle bugs where the serialization logic may unexpectedly modify (eg
+set to 0) an output parameter on failure.
+- Initialize pointers in a few corner cases.
+
+Tests
+
+- Fix default cipher mode for CAS unit test.
+- Skip entitlement session tests that are only supported on CAS devices.
+- Don't force decrypt count to increase in unit tests.
+- Skip some cast tests if not supported.
+
+OP-TEE port changes
+
+- Fix memory leaks on failure cases in AES decrypt, RSA key creation, and ECC
+key creation.
+- Check incoming message size from REE to avoid OOB.
+- Generate ECC keypair and zero pad appropriately.
+- Add file existence check in RPMB impl.
+- Cleanup keybox and key handles consistently after use.
+
 ## [Version 19.0][v19.0]
 
 This is the initial release of OPK v19.0, which implements OEMCrypto v19.0.
@@ -542,3 +590,4 @@ Public release for OEMCrypto API and ODK library version 16.4.
 [v18.3]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v18.3
 [v18.4]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v18.4
 [v19.0]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v19.0
+[v19.1]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v19.1

libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h

@@ -3,7 +3,7 @@
 // License Agreement.
 
 /**
- * @mainpage OEMCrypto API v19.0
+ * @mainpage OEMCrypto API v19.1
  *
  * OEMCrypto is the low level library implemented by the OEM to provide key and
  * content protection, usually in a separate secure memory or process space. The

libwvdrmengine/oemcrypto/test/oemcrypto_basic_test.cpp

@@ -180,7 +180,7 @@ TEST_F(OEMCryptoClientTest, FreeUnallocatedSecureBufferNoFailure) {
  */
 TEST_F(OEMCryptoClientTest, VersionNumber) {
   const std::string log_message =
-      "OEMCrypto unit tests for API 19.0. Tests last updated 2023-12-14";
+      "OEMCrypto unit tests for API 19.1. Tests last updated 2024-03-25";
   cout << "             " << log_message << "\n";
   cout << "             "
        << "These tests are part of Android U."
@@ -189,7 +189,7 @@ TEST_F(OEMCryptoClientTest, VersionNumber) {
   // If any of the following fail, then it is time to update the log message
   // above.
   EXPECT_EQ(ODK_MAJOR_VERSION, 19);
-  EXPECT_EQ(ODK_MINOR_VERSION, 0);
+  EXPECT_EQ(ODK_MINOR_VERSION, 1);
   EXPECT_EQ(kCurrentAPI, static_cast<unsigned>(ODK_MAJOR_VERSION));
   OEMCrypto_Security_Level level = OEMCrypto_SecurityLevel();
   EXPECT_GT(level, OEMCrypto_Level_Unknown);