Prevent usage of client provided address on
non-secure devices spoofed as being secure.
b/23223325
merge of go/wvgerrit/15420 from widevine repo
Change-Id: I1d4f3a652b3d5e78fca508f92005cfa8df5ec6db
Prevent usage of client provided address on
non-secure devices spoofed as being secure.
b/23223325
merge of go/wvgerrit/15420 from widevine repo
Change-Id: I1d4f3a652b3d5e78fca508f92005cfa8df5ec6db
This is a copy of the widevine CL:
https://widevine-internal-review.googlesource.com/#/c/12742/
If a session is closed at the same time as an OnTimerEvent is
processing an event, there could be a race condition between the two
threads. This CL adds a lock that prevents a session from being
removed from the list while the timer is currently processing an
event.
If CloseSession is called while the OnTimerEvent method is active, the
session will be added to a dead list, and deleted when the timer event
has finished.
This CL does not address the main problem in bug 19252886, but
one bugreport, netflix_log_3.txt, indicates there may have been
a problem with the CDM timer.
bug: 19252886
Change-Id: I17190edaeb3eef1295d4d204232cc4262cb5fa9b
Netflix reported that after pulling power while their app is active,
the app isn't able to restart. This is because the license file for
session keys isn't getting synched to disk, so the data is still in
the buffer cache when the device shuts down. Calling fflush and fsync
on the file ensures the data is persisted to disk. fclose alone
doesn't do fsync.
In testing, I also noticed that the license file was being rewritten
every second which is hard on the flash filesystem. The timer thread
was modified to avoid these frequent writes.
Merge of https://widevine-internal-review.googlesource.com/#/c/12431/
from the widevine cdm repo.
bug: 19108207
Change-Id: Ibe81e40a3c1f5d25563523da43fefdccdaa6ddcf
Cherry pick of the widevine change
https://widevine-internal-review.googlesource.com/#/c/12082/
If the level 1 oemcrypto library loads and initializes, but has the
wrong version or does not have a valid keybox, then the level 3
fallback is used. However, in those cases, the level 1 was not
terminated properly. This caused a resource leak on some platforms.
With this CL, in OEMCrypto_Initialize, the level 1 library Terminate
is called if its Initialize was called and the level 1 library will
not be used.
bug: 18755226
Change-Id: I56e7d3349eeebd94f3fa8c4a1f4b21781cc7428b
(cherry picked from commit 62a9cf3cbe)
If a key query occurred before a license was received an UNKNOWN_ERROR was
returned. This now succeeds but returns no information (an empty container).
Also licenses that were already expired when received were not marked as such.
This did not cause violations in playback rules but caused an exception when
they were queried.
[ Merge of https://widevine-internal-review.googlesource.com/#/c/12300
from wv git repo ]
b/18843625
Change-Id: I6990765c15e519ddf203a2fd8f0a130306f090a6
Cherry pick of the widevine change
https://widevine-internal-review.googlesource.com/#/c/12082/
If the level 1 oemcrypto library loads and initializes, but has the
wrong version or does not have a valid keybox, then the level 3
fallback is used. However, in those cases, the level 1 was not
terminated properly. This caused a resource leak on some platforms.
With this CL, in OEMCrypto_Initialize, the level 1 library Terminate
is called if its Initialize was called and the level 1 library will
not be used.
bug: 18755226
Change-Id: I56e7d3349eeebd94f3fa8c4a1f4b21781cc7428b
This CL is a merge of the widevine change
https://widevine-internal-review.googlesource.com/#/c/11881
The function rand() was not available on the mips build used to
generate the level 3 oemcrypto fallback library. This function has
been replaced by the openssl RAND_bytes(), so that compilation may
complete.
New version of library:
libwvdrmengine/level3/mips/libwvlevel3.a NONOB Level3 Library Dec 3 2014 17:11:00
bug: 17288466
Change-Id: Ibe2ae3add4f5830ddc1cce501d76aeb4be5ce926
This is a merge of the Widevine change:
https://widevine-internal-review.googlesource.com/#/c/11871
The level 3 oemcrypto fall back now compiles cleanly on a Fugu, and
passes all unit tests.
New version of library:
libwvdrmengine/level3/x86/libwvlevel3.a Level3 Library Dec 3 2014 13:06:03
bug: 17289103
Change-Id: I677888536dd2ca12e27b5985737e080b69d81477
OEMCrypto may report an HDCP status of "No HDCP device attached/using
local display with secure path". This is not propagated upto
the server as an appropriate HDCP value did not exist in the
license protocol. This has now been added. Netflix has requested that
this be reported.
[ Merge of https://widevine-internal-review.googlesource.com/#/c/11806/
from Widevine cdm repo ]
b/18377309
Change-Id: I3db88c7ab5e79a3c12dbc8a398c4770e14e5ee5c
This is a merge of the widevine change:
https://widevine-internal-review.googlesource.com/#/c/11781
The OEMCrypto did not save the usage table correctly after a key was
loaded and not used.
Also, oemcrypto uses the keybox to verify and sign the usage table.
On library initialization, the usage table was being loaded before the
keybox, so the signature was not verified correctly.
Both these problems have been corrected.
Current Library Version:
arm: Level3 Library Nov 19 2014 16:53:43
bug: 17328418 Can't play pinned content
Change-Id: Ia753e2f47b36433931fbe8dba78939581e647222
Our recommendation to OEMs is that they support a table of at least 50
usage entries in OEMCrypto. If more usage entries are stored, the PSTs get
added to the CDM but are LRU'ed out of the OEMCrypto usage table. When the
CDM queries those usage entries, OEMCrypto will return a
OEMCrypto_ERROR_INVALID_CONTEXT. Rather than return an error and have
MediaDrm throw an exception, CDM should delete this PST and return the
next usage entry, when queried.
[ Merge of https://widevine-internal-review.googlesource.com/#/c/11457/
from Widevine cdm repo ]
b/17994711
Change-Id: I00e3f93000096fb434d94333e22958de795a4bb5
Merge of widevine change
https://widevine-internal-review.googlesource.com/#/c/11501/
A license response can have new signing (mac) keys attached whether
the license can be renewed or not. Previously, the new keys were
ignored if the license could not be renewed.
bug: 18009750 Secure stop release generation failing for Netflix
Change-Id: I06dd76b0ab9f459021f46eecc938aa43d8d29689
Merge of the widevine change:
https://widevine-internal-review.googlesource.com/#/c/11632
Several unit tests in cdm_engine_test.cpp and request_license_test.cpp
were failing regularly. These were caused by either:
1) The device was not provisioned.
This has been fixed by adding a certificate provisioning step in the
test setup for the cdm engine tests and changing the existing
provision steop in the request license tests to provision for both
security levels.
2) The device was hitting a flaky server.
This has been fixed by switching from the GooglePlayServer to the
Widevine server.
3) A null pointer introduced when testing secure stops with an app
id. This has been fixed by directly injecting the app id in the unit
tests.
4) Flaky network connections. The unit tests were requesting data
from the server and were timing out after 3 seconds. I changed that
to 12 seconds.
5) The tests were searching for an end-of-line marker to find the GLS
header in the license response message. The end-of-line marker was
present in a valid DRM message for almost 1% of the test cases. This
code has been replaced by searching for the string "GLS/1" at the
begining of the HTML body.
I also added test_printers.cpp that defines functions used by GTest to
print error codes by name instead of numeric value.
This CL changes unit tests only. It does not change any production
code.
bug: 18316036
Change-Id: I3398580059a03114e782ac7ac59e6b0944012df4
(This is a merge of http://go/wvgerrit/11613 from the Widevine CDM
repo.)
Adds a property for the OS version, implements it on Android, and
adds it to the license request property bag so that Netflix may
use it to discern the supported capabilities of the CDM.
Bug: 18230738
Change-Id: If5174a108093855314f3e0102b83691e20bb247b
The OEMCrypto library should prevent too many nonces from occuring in
a row. Previously, we tested that GenerateNonce generated an error if
there were too many nonce requests.
This CL makes it possible for OEMCrypto to delay the return from
GenerateNonce if there are too many requests. This is an equally
valid solution to the nonce flood attack.
This is a unit test change only. No production code is affected.
This is a merge from the widevine repository of:
https://widevine-internal-review.googlesource.com/#/c/11604/
bug: 17630253
Change-Id: Ie97f712d70230cd8e7ea7089da0aa18039673bb4
(This is a port of http://go/wvgerrit/11614 from the
Widevine repo.)
CDM does not recover if a license file has invalid size
or the hash is incorrect. Remove the corrupted license
file in such cases.
bug: 18002606
Change-Id: I46dec853ce6b2e7c7430297d50df5d30488cde3b
