23f7cd60a7
The sc-dev branch on Android is out of sync with several important changes on the CDM master branch. This changes copies several CLs. [ Merge of http://go/wvgerrit/104524 ] OEMCrypto unittest: generic crypto APIs Add unit tests to verify that generic crypto APIs do not crash for large input buffer lengths and signature lengths. [ Merge of http://go/wvgerrit/106583 ] Fix secure buffer tests in OEMCrypto testbed The secure buffers were not being used correctly in the testbed, and were failing OEMCryptoMemoryCopyBufferForHugeBufferLengths. [ Merge of http://go/wvgerrit/109603 ] Reject block_offsets of 16 or greater in OEC Ref This is a potential security hole. We will be enforcing that OEMCrypto rejects this in an upcoming test, so the Ref must be updated to reject it. [ Merge of http://go/wvgerrit/110165 ] Fix Format String Signedness See above for full description. [ Merge of http://go/wvgerrit/111784 ] Fix heap overflow test in L3 and OEMCrypto ref Check the length of wrapped_rsa_key_length before casting to WrappedRSAKey struct. [ Merge of http://go/wvgerrit/113563 ] Reword "blacklisted" to "forbidden" [ Merge of http://go/wvgerrit/113583 ] Use error code from RAND_bytes The return code from RAND_bytes was not used correctly. [ Merge of http://go/wvgerrit/113644 ] Check for buffer overflow when computing subsample size The test DecryptCENCForNumBytesClearPlusEncryptedOverflowsSize cleverly picks num_bytes_clear + num_bytes_encrypted = 1 after integer overflow. This is in the refernce code, level 3, and odkitee. [ Merge of http://go/wvgerrit/113683 ] OEMCrypto reference code: respect analog flags for clear buffers The reference code should honor the analog_display_active flag for both clear and secure buffers. [ Merge of http://go/wvgerrit/114883 ] Add size check for IV in OEMCrypto APIs IV is supposed to be 16 bytes but the size is never checked before iv gets used in LoadProvisioning. Bug: 145026457 Bug: 147569428 Bug: 159847851 Bug: 162372059 Bug: 169278035 Bug: 169980065 Bug: 173460694 Bug: 173994023 Bug: 174523584 Bug: 175001473 Bug: 175041667 Test: No compiled files changed Change-Id: If0ccd1cd3a56f72eedd2a6cb202a34bc7b43ca0d
This is the source code for the Widevine Content Decryption Module (CDM) for the Android OS. It provides the libwvdrmengine plugin for DRM. Partners who are integrating a device should be familiar with the documents in the docs directory. This source code is NOT open source, and is not part of AOSP. However, it is released to partners external to Google after official Android releases. For this reason, partners should look for bug fixes and software updates on the widevine branches: +------------------------------+------------------------------+ |Android Version |Branch | +------------------------------+------------------------------+ |Android L |lmp-mr1-widevine-release | +------------------------------+------------------------------+ |Android M MR1 |mnc-mr1-widevine-release | +------------------------------+------------------------------+ |Android N MR2 |nyc-mr2-widevine-release | +------------------------------+------------------------------+ |Android OC |oc-widevine-release | +------------------------------+------------------------------+ |Android OC MR1 |oc-mr1-widevine-release | +------------------------------+------------------------------+ |Android Pi |pi-widevine-release | +------------------------------+------------------------------+