Prevent usage of client provided address on
non-secure devices spoofed as being secure.
b/23223325
merge of go/wvgerrit/15420 from widevine repo
Change-Id: I1d4f3a652b3d5e78fca508f92005cfa8df5ec6db
Prevent usage of client provided address on
non-secure devices spoofed as being secure.
b/23223325
merge of go/wvgerrit/15420 from widevine repo
Change-Id: I1d4f3a652b3d5e78fca508f92005cfa8df5ec6db
This change:
1) Switches the Makefiles over to using LOCAL_STATIC_LIBRARIES, which I
understand is the new hotness, rather than setting a -I flag directly.
2) Switches to the non-deprecated _ex versions for EVP_EncryptFinal.
3) Uses the EVP_PKEY interface for checking PSS signatures. This is the
only supported interface in OpenSSL: the PSS padding check functions are
only exported in upstream OpenSSL because it's a library from the 90s
and they don't have a concept of "unexported". Also, by using the EVP
functions, OpenSSL/BoringSSL can do a better job of being constant-time.
Since there aren't any obvious tests for checking that the signtaure
verification still works, I tested with the code in the referenced
paste, which includes both the old and new verification functions and
checks that they both work on a sample signature. (And I also checked
that they both fail when a bit in the signature is changed.)
https://paste.googleplex.com/5747976139964416
(cherry picked from commit 4f01ef23d1)
Change-Id: Iae7409c53eeea9c3892a32c180d7181d72467dcb
This is a copy of the widevine CL:
https://widevine-internal-review.googlesource.com/#/c/12742/
If a session is closed at the same time as an OnTimerEvent is
processing an event, there could be a race condition between the two
threads. This CL adds a lock that prevents a session from being
removed from the list while the timer is currently processing an
event.
If CloseSession is called while the OnTimerEvent method is active, the
session will be added to a dead list, and deleted when the timer event
has finished.
This CL does not address the main problem in bug 19252886, but
one bugreport, netflix_log_3.txt, indicates there may have been
a problem with the CDM timer.
bug: 19252886
Change-Id: I17190edaeb3eef1295d4d204232cc4262cb5fa9b
Netflix reported that after pulling power while their app is active,
the app isn't able to restart. This is because the license file for
session keys isn't getting synched to disk, so the data is still in
the buffer cache when the device shuts down. Calling fflush and fsync
on the file ensures the data is persisted to disk. fclose alone
doesn't do fsync.
In testing, I also noticed that the license file was being rewritten
every second which is hard on the flash filesystem. The timer thread
was modified to avoid these frequent writes.
Merge of https://widevine-internal-review.googlesource.com/#/c/12431/
from the widevine cdm repo.
bug: 19108207
Change-Id: Ibe81e40a3c1f5d25563523da43fefdccdaa6ddcf
Cherry pick of the widevine change
https://widevine-internal-review.googlesource.com/#/c/12082/
If the level 1 oemcrypto library loads and initializes, but has the
wrong version or does not have a valid keybox, then the level 3
fallback is used. However, in those cases, the level 1 was not
terminated properly. This caused a resource leak on some platforms.
With this CL, in OEMCrypto_Initialize, the level 1 library Terminate
is called if its Initialize was called and the level 1 library will
not be used.
bug: 18755226
Change-Id: I56e7d3349eeebd94f3fa8c4a1f4b21781cc7428b
(cherry picked from commit 62a9cf3cbe)
If a key query occurred before a license was received an UNKNOWN_ERROR was
returned. This now succeeds but returns no information (an empty container).
Also licenses that were already expired when received were not marked as such.
This did not cause violations in playback rules but caused an exception when
they were queried.
[ Merge of https://widevine-internal-review.googlesource.com/#/c/12300
from wv git repo ]
b/18843625
Change-Id: I6990765c15e519ddf203a2fd8f0a130306f090a6
Cherry pick of the widevine change
https://widevine-internal-review.googlesource.com/#/c/12082/
If the level 1 oemcrypto library loads and initializes, but has the
wrong version or does not have a valid keybox, then the level 3
fallback is used. However, in those cases, the level 1 was not
terminated properly. This caused a resource leak on some platforms.
With this CL, in OEMCrypto_Initialize, the level 1 library Terminate
is called if its Initialize was called and the level 1 library will
not be used.
bug: 18755226
Change-Id: I56e7d3349eeebd94f3fa8c4a1f4b21781cc7428b
Fix a warning in gcc-4.9:
In file included from
vendor/widevine/libwvdrmengine/cdm/core/src/max_res_engine.cpp:3:0:
vendor/widevine/libwvdrmengine/cdm/core/include/max_res_engine.h:56:9:
error: 'class wvcdm::MaxResEngine::KeyStatus' is private
class KeyStatus {
^
vendor/widevine/libwvdrmengine/cdm/core/src/max_res_engine.cpp:10:53:
error: within this context
typedef std::map<wvcdm::KeyId,
wvcdm::MaxResEngine::KeyStatus*>::const_iterator
(cherry picked from commit 944d085a79)
Change-Id: I4984bd52c52c36e59c4d09db5e4f4d581e577b07
