Restrict uses of BoringSSL.

(This is a merge of http://go/wvgerrit/71883) This moves all the SSL code to privacy_crypto so we can use the iOS-specific versions and not use any BoringSSL. The iOS version doesn't support OEM certificates. Note that the tests still use BoringSSL. Bug: 126559819 Test: build_and_run_all_unit_tests.sh Change-Id: Ib0fad5d95b283b6cd6e02d8a08bcf248c5900bc4
2019-02-28 17:32:22 -08:00
parent 50e4d67415
commit e5380ca59f
5 changed files with 200 additions and 168 deletions
--- a/libwvdrmengine/cdm/core/src/device_files.cpp
+++ b/libwvdrmengine/cdm/core/src/device_files.cpp
@@ -10,21 +10,11 @@
 #include "file_store.h"
 #include "license_protocol.pb.h"
 #include "log.h"
+#include "privacy_crypto.h"
 #include "properties.h"
 #include "string_conversions.h"
 #include "wv_cdm_constants.h"

-#if defined(__APPLE__)
-#include <CommonCrypto/CommonDigest.h>
-#define SHA256 CC_SHA256
-#define SHA256_DIGEST_LENGTH CC_SHA256_DIGEST_LENGTH
-#define MD5 CC_MD5
-#define MD5_DIGEST_LENGTH CC_MD5_DIGEST_LENGTH
-#else
-#include <openssl/md5.h>
-#include <openssl/sha.h>
-#endif
-
 // Protobuf generated classes.
 using video_widevine_client::sdk::DeviceCertificate;
 using video_widevine_client::sdk::HashedFile;
@@ -67,17 +57,6 @@ const char kEmptyFileName[] = "";
 const char kUsageTableFileName[] = "usgtable.bin";
 const char kWildcard[] = "*";

-bool Hash(const std::string& data, std::string* hash) {
-  if (!hash) return false;
-  hash->resize(SHA256_DIGEST_LENGTH);
-
-  const unsigned char* input =
-      reinterpret_cast<const unsigned char*>(data.data());
-  unsigned char* output = reinterpret_cast<unsigned char*>(&(*hash)[0]);
-  SHA256(input, data.size(), output);
-  return true;
-}
-
 }  // namespace

 namespace wvcdm {
@@ -1183,12 +1162,7 @@ bool DeviceFiles::DeleteUsageTableInfo() {
 DeviceFiles::ResponseType DeviceFiles::StoreFileWithHash(
    const std::string& name,
    const std::string& serialized_file) {
-  // calculate SHA hash
-  std::string hash;
-  if (!Hash(serialized_file, &hash)) {
-    LOGW("DeviceFiles::StoreFileWithHash: Hash computation failed");
-    return kHashComputationFailed;
-  }
+  std::string hash = Sha256Hash(serialized_file);

  // Fill in hashed file data
  HashedFile hash_file;
@@ -1296,12 +1270,7 @@ DeviceFiles::ResponseType DeviceFiles::RetrieveHashedFile(
    return kFileParseError1;
  }

-  std::string hash;
-  if (!Hash(hash_file.file(), &hash)) {
-    LOGW("DeviceFiles::RetrieveHashedFile: Hash computation failed");
-    return kHashComputationFailed;
-  }
-
+  std::string hash = Sha256Hash(hash_file.file());
  if (hash != hash_file.hash()) {
    LOGW("DeviceFiles::RetrieveHashedFile: Hash mismatch");
    // Remove the corrupted file so the caller will not get the same error
@@ -1387,11 +1356,9 @@ std::string DeviceFiles::GetUsageInfoFileName(const std::string& app_id) {
 }

 std::string DeviceFiles::GetFileNameSafeHash(const std::string& input) {
-  std::vector<uint8_t> hash(MD5_DIGEST_LENGTH);
-  const unsigned char* input_ptr =
-      reinterpret_cast<const unsigned char*>(input.data());
-  MD5(input_ptr, input.size(), &hash[0]);
-  return wvcdm::Base64SafeEncode(hash);
+  std::string hash = Md5Hash(input);
+  return wvcdm::Base64SafeEncode(
+      std::vector<uint8_t>(hash.begin(), hash.end()));
 }

 }  // namespace wvcdm