(This is a merge of http://go/wvgerrit/15430)
Previously, after provisioning, any existing offline licenses would be
deleted, as they were inevitably tied to the certificate that was just
replaced. However, due to the way per-origin provisioning works on
Android, this is no longer a safe assumption. Licenses from different
origins are all stored together, so this behavior would delete all
offline licenses across all origins every time any origin is
provisioned. And it is not possible to delete only the licenses for
specific origins without changing how licenses are stored. It is too
late to change how licenses are stored in Android M, so we need to
stop proactively cleaning up licenses in this edge case for now. Once
b/23354606 is resolved, we can reinstate this clean-up and properly
only clean up the licenses associated with the origin that was just
provisioned.
Bug: 23324167
Change-Id: Ic21db8c21bdb4243266cd49020ed52287eb21d9a
Prevent usage of client provided address on
non-secure devices spoofed as being secure.
b/23223325
merge of go/wvgerrit/15420 from widevine repo
Change-Id: I1d4f3a652b3d5e78fca508f92005cfa8df5ec6db
Copy from widevine repo of http://go/wvgerrit/15390
Because some devices are failing oemcrypto unit tests related to
signing schemes that they do not support, we are relaxing the
requirement that they return the correct error code.
We are still requiring that the device does NOT sign with a forbidden
scheme. However, it is OK if they do not return an error code from
OEMCrypto_GenerateRSASignature. They will be required to return the
correct error code in the next release.
bug: 21668896
bug: 21708882
Change-Id: I1b8a410909b364d0086cba38eadca11aceaac5f6
Merge from widevine of http://go/wvgerrit/15371
incorrectly have leading 0x00 bytes added to all integers. This
leading 0 should only be added to integers that had a leading byte
larger than 0x80 because those would be parsed as negative numbers.
bug: 23105200
Change-Id: I1dd01cc2b83a807bbdb78c079c6ce4e01d41f616
Merge from widevine repo of http://go/wvgerrit/14970
Even if devices cannot handle key ids with different lengths in the
same license, they should still handle keys with a shorter key id.
This is a partial fix for:
bug: 21935358
Change-Id: Ibc84f0b5d7d9bc5d24a2081f0581a2b256e51f44
ExoPlayerDemo build is based on the demo-debug.apk built from:
google3/third_party/java_src/android_libs/exoplayer
Supporting cl in google3: cl/97176187
Bug: 19571315
Change-Id: I611e9e5f363ecfeb66e4813c1f6939abbf855d09
Merge from widevine repo of http://go/wvgerrit/14669
This fixes two timing-related test failures when running the OEMCrypto
tests in the CE test suite. The failures were caused by the TestHost
Clock implementation, which is a fake. Since there is no clear reason
for OEMCrypto/mock to rely on wvcdm::Clock, this replaces it with
time(NULL). Incidentally, this also makes the time source consistent
with the tests themselves, which were already using time(NULL).
Change-Id: I0fad51f14d45f99526146da05b757d4ba7b6aba0
Merge from widevine repo of http://go/wvgerrit/14933
There was some confusion what the test DecryptWithNearWrap is
testing. This CL adds some expanatory comments.
Change-Id: I9228830d81c089f80e0878f647e7e94c3e49896a
[ Merge of http://go/wvgerrit/14900 ]
When releasing a license, usage entries were being released twice with
both OEMCrypto_DeleteUsageEntry and OEMCrypto_ForceDeleteUsageEntry being
called. The second call would always fail because the usage information had
already been released. The CdmSession::DeleteLicense methods will now only
handles deletion of license metadata and leave deletion of usage entries to
the CdmLicense class.
b/22097805
Change-Id: Ic55764d5357043d136e7d88583f709a4ceea3e64
[ Merge of http://go/wvgerrit/14920 ]
The renew_with_client_id field was not being correctly set when licenses
were being restored for usage reporting.
b/22047007
Change-Id: Ib769431b1e49bb498f53d8153a970b6c0a2776d2
Merge from widevine repo of http://go/wvgerrit/14870
OEMCrypto_GetMaxNumberOfSessions is not required to return a hard
limit for the number of sessions. This CL adjusts the test to verify
we can open within 5% of the maximum number of sessions.
bug: 22029687
Change-Id: I6e72e39338cead8d547cdb194a32fb7e7dc53037
The external/gmock project does not include the patches needed for
widevine, so renaming the internal copy allows both to coexist in the
build system.
(cherry-pick of 5b830f19b6 with conflict.)
Change-Id: I77c956db30921afffe31d11e1cd2d99541925f35
[ Merge of http://go/wvgerrit/14824 ]
OEMCrypto v9 added support for secure usage reporting with the help of
a session usage table. This was enabled through the replay control bits
in the key control block. It was expected that streaming licenses
would enable the nonce required bit, while offline licenses would
enable session usage table entry flag. There are certain cases
where content providers would prefer not to enable the flag for offline
licenses and this test verifies that this scenario works.
b/17514500
Change-Id: Icd1bea8cec2fd52be2be249424891ce1755d5f25
(This is a merge of http://go/wvgerrit/14810)
By making this constant unsigned, all calculations in EXPECT_ALMOST
were cast to unsigned, leading to underflow problems when it was
subtracted from zero.
Change-Id: Iefc4e30604c45fec8b203375074b26fb12ec385f
merge of http://go/wvgerrit/14807 from the widevine repo.
The mediaDrm API only allows for a single provisioning attempt at a time.
If concurrent provisioning attempts occur, resources are released from
all but the last request, in order to allow at least that one to be successful.
Any provisioning responses received before one from the last request will
be rejected. A side-effect was that all provisioning resources would
then be released. This caused a provisioning response from the last attempt
to be rejected as well. This CL corrects this behavior and releases resources
only if a provisioning attempt is successful.
The side-effect is that, if the response to the last request is not received
or failure occurs while processing, a crypto session may be held until the
next provisioning attempt.
In other cases of concurrency, provisioning responses to requests other than
the last which are received after the last response will be declared successful.
b/21879484
Change-Id: I3a840ceda1a16ee6adb40c2dbca6c4adf3da12c3
(This is a merge of http://go/wvgerrit/14795)
This change restores the ability to build the Widevine CDM for Android
for MIPS devices. It restores the precompiled binaries for MIPS and
re-adds MIPS to all makefiles.
This change includes a new build of the obfuscated binaries for
MIPS32r1 that were built using a MIPS device on the emulator.
level3/mips/libwvlevel3.a Level3 Library Jun 19 2015 12:32:49
Bug: 19482469
Change-Id: Ifa1c299a5751f3772c42289d8333a2b8cec51f69
(This is a merge of http://go/wvgerrit/14801)
The MIPS compiler does not support GNU hashing, which means this
compiler option needs to be excluded.
Bug: 19482469
Change-Id: I913f666a39eb535a33ebfbc49e5e7531115db5d4
