widevine-partner/ce_cdm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Source release 15.0.0

Browse Source
This commit is contained in:
John W. Bruce
2019-02-28 16:25:30 -08:00
parent f51edaba5a
commit 66628486b5
2672 changed files with 260431 additions and 762489 deletions
Download Patch File Download Diff File Expand all files Collapse all files

130
CHANGELOG.md
View File

@@ -2,6 +2,136 @@
[TOC]
## 15.0.0 (2018-02-28)
Features:
- Widevine CE CDM 15.0.0 supports and requires OEMCrypto v15.1. The OEMCrypto
header files, documentation, Reference OEMCrypto implementation, and tests
have been updated to v15.1. For a full list of new features in OEMCrypto
v15, please see the
[Widevine Modular DRM Version 15 Delta document][oec-15-delta].
- Note that the threading requirements for OEMCrypto implementations were
revised in OEMCrypto v15, and the Widevine CE CDM 15.0.0 takes greater
advantage of parallelism where possible. When the application uses the
Widevine CE CDM from multiple threads, the Widevine CE CDM will now be
more willing to call into OEMCrypto simultaneously from multiple threads,
though always obeying the guarantees put forth in the
[OEMCrypto v15 specification][oec-15].
- The Widevine CE CDM now requires support for C++11 and C11. A
C++11-supporting compiler and STL library are required in order to build
the Widevine CE CDM.
- We have begun replacing POSIX functions and headers with their C++11 STL
equivalents where possible. As a side-effect of this, it should be much
easier to compile the Widevine CE CDM for non-POSIX-compliant platforms.
- The Widevine-created drop-ins for several STL classes have been replaced
with their STL equivalents. This eliminates bugs originating in these
classes and improves performance on some systems.
- `wvcdm::scoped_ptr`
- `wvcdm::shared_ptr`
- `wvcdm::Lock`
- `wvcdm::AutoLock`
- The Widevine CE CDM now builds with hidden visibility as the default and
only exports symbols that correspond to the public API of the library. This
allows the final binary to be smaller and faster and can reduce conflicts
with other libraries.
- It is now possible to set separate service certificates for the Provisioning
Service and the Licensing Service. Methods that install a service
certificate now take a parameter that indicates if this certificate is to
be installed for the Provisioning Service, the Licensing Service, or both.
- To replicate the previous behavior, pass `Cdm::kAllServices` to install
the certificate for both services at the same time.
- It is now valid to pass `nullptr` to
`Cdm::parseAndLoadServiceCertificateResponse()` if you do not want to cache
the parsed certificate for future reuse.
- The `onDirectIndividualizationRequest` callback has been removed. In
Widevine CE CDM 14.1.0, `Cdm::getProvisioningRequest()` and
`Cdm::handleProvisioningResponse()` were added to allow applications to
proactively provision unprovisioned devices. Starting with Widevine CE CDM
15.0.0, using these methods is now *mandatory*. There is no more
`onDirectIndividualizationRequest` callback, and trying to open a session,
generate a license request, or load an offline license will return an error
if the device is not provisioned.
- The existing method `Cdm::isProvisioned()` can be used to check if the
device is provisioned at run-time.
- The status code `kDeferred` has been removed.
- There is now an overload of `Cdm::decrypt()` that takes an explicit session
to use for decryption as a parameter. Ordinarily, `Cdm::decrypt()` will
automatically find the session that matches the Key ID specified in the
`input` parameter. However, there are some situations where the Key ID may
not yet be known, such as when feeding clear content through
`Cdm::decrypt()` before the Key ID is known. In these cases, it is necessary
to be explicit about which session the CDM should use for decryption.
- The Widevine CE CDM now supports Provider Client Tokens. If the license
server includes a Provider Client Token with the license, then it will be
copied to any renewal requests that are generated for that license.
- The test code has been refactored and centralized so that it will be more
reliable when running only a subset of the unit tests.
- `build.py` now supports a `-v`/`--verbose` flag that can be passed to turn
on verbose build output from the underlying build tool.
- The OEM Certificate Generator now supports both PEM and DER format
intermediate certs.
- It is now possible to specify a path to NASM. This is only of interest for
partners who are building for Windows and using assembly language code.
- We have improved logging fidelity, particularly around the level of detail
of logged error codes.
- Several new tests have been added, including tests that exercise the
Widevine CE CDM from multiple threads simultaneously.
[oec-15]: ./oemcrypto/docs/WidevineModularDRMSecurityIntegrationGuideforCENC_v15.pdf
[oec-15-delta]: ./oemcrypto/docs/Widevine_Modular_DRM_Version_15_Delta.pdf
Dependency Updates:
- The bundled version of Protobuf has been updated to [v3.6.1][proto-3.6.1].
Note that, as before, Widevine CE CDM will work with any version of Protobuf
back to 2.6. However, we provide the version of Protobuf that we test with
internally as a default.
- The bundled version of BoringSSL has been updated to commit
[`f18bd55240b229a65df48e7905da98fff18cbf59`][boringssl-f18bd5].
- The `legacy_kit` version of BoringSSL that was previously used only by the
unit test code has been removed. All Widevine CE CDM code now uses the
same version of BoringSSL.
[proto-3.6.1]: https://github.com/protocolbuffers/protobuf/releases/tag/v3.6.1
[boringssl-f18bd5]: https://boringssl.googlesource.com/boringssl/+/f18bd55240b229a65df48e7905da98fff18cbf59
Bugfixes:
- A bug has been found in all versions of the Widevine CE CDM prior to this
one that can cause leaks and crashes when the CDM is used in a
multi-threaded environment. The class `wvcdm::shared_ptr` contains
operations that it claims are atomic which are not, in fact, atomic.
This bug is a non-issue starting with CE CDM 15.0.0 because
`wvcdm::shared_ptr` has been removed, but please be aware that this issue
exists in all previous CDMs. This issue does not affect devices where the
CDM cannot be used from multiple threads at once.
- Several memory leaks have been fixed in this release. Thank you to the
partners who reported these to us.
- The new parallel operation tests have allowed us to find and fix several
multi-threading issues.
- Fixed a bug where compilation of Protobuf (but not the rest of the CDM)
would sometimes ignore compiler flags being set by the platform.
- Fixed a problem that could occur during callbacks on platforms where
pthreads does not allow the same thread to recursively take a lock.
- Two order-of-destruction ambiguities that could cause crashes during CDM
teardown on certain platforms have been fixed.
- Fixed an issue that could cause repeated decrypts with the same key to fail
when using entitled content keys, depending on specific details of how
OEMCrypto was implemented.
- The comments on `Cdm::setVideoResolution()` have been updated to clarify
that the resolution being passed in should be the resolution of the content
being played, not the output resolution of the device. The behavior of this
function is unchanged, as this was always true.
- Some log messages were missing linefeeds at the end. These have been added.
- Several tests that were disabled have been fixed and re-enabled.
- APIs that rely on selecting a usage table entry at random were not
sufficiently random in certain situations. Their selection will now be more
random.
- Note that this does *not* affect cryptographic random number generation,
which was already sufficiently random.
- Fixed some bugs that could occur when the usage table was full, particularly
if random number generation was not sufficiently random.
- Fixed spurious failures that could occur rarely during
`UsageTableHeaderTest`.
## 14.2.0 (2018-10-12)
Features: