Source release 19.2.0

oemcrypto/odk/src/core_message_features.cpp

@@ -33,7 +33,7 @@ CoreMessageFeatures CoreMessageFeatures::DefaultFeatures(
       features.maximum_minor_version = 4;  // 18.4
       break;
     case 19:
-      features.maximum_minor_version = 1;  // 19.1
+      features.maximum_minor_version = 2;  // 19.2
       break;
     default:
       features.maximum_minor_version = 0;

oemcrypto/odk/src/core_message_serialize_proto.cpp

@@ -45,7 +45,7 @@ OEMCrypto_Substring GetOecSubstring(std::string_view message,
 }
 
 OEMCrypto_KeyObject KeyContainerToOecKey(
-    const std::string& proto, const video_widevine::License::KeyContainer& k,
+    std::string_view proto, const video_widevine::License::KeyContainer& k,
     const bool uses_padding) {
   OEMCrypto_KeyObject obj = {};
   obj.key_id = GetOecSubstring(proto, k.id());

oemcrypto/odk/src/odk_serialize.c

@@ -8,6 +8,8 @@
 
 #include "odk_serialize.h"
 
+#include "odk_message.h"
+#include "odk_overflow.h"
 #include "odk_structs_priv.h"
 #include "serialization_base.h"
 
@@ -237,6 +239,36 @@ static void Unpack_OEMCrypto_KeyObject(ODK_Message* msg,
   Unpack_OEMCrypto_Substring(msg, &obj->key_data);
   Unpack_OEMCrypto_Substring(msg, &obj->key_control_iv);
   Unpack_OEMCrypto_Substring(msg, &obj->key_control);
+
+  /*
+  Edge case for servers that incorrectly process protocol VERSION_2_2 padding.
+  Key data in proto is present, but each key's position in the core
+  message is missing.
+
+  Use the key_data_iv offset to determine if the key_data is present.
+  This assumes that the serialized protobuf is deterministically ordered, and
+  that the content key is always 16 bytes. These assumptions should hold true
+  for v16 and older servers.
+  */
+  if (ODK_Message_GetStatus(msg) == MESSAGE_STATUS_OK &&
+      obj->key_data.offset == 0 && obj->key_data.length == 0) {
+    const size_t kKeyDataProtoHeaderSize = 2;
+    obj->key_data.offset = obj->key_data_iv.offset + obj->key_data_iv.length +
+                           kKeyDataProtoHeaderSize;
+    obj->key_data.length = 16u;  // assume 16-byte key
+
+    // Check for overflow. The offset is relative to the end of the core
+    // message, so add that length to the calculation.
+    size_t substring_end = 0;  // offset + length
+    size_t end = 0;            // offset + length + message_length
+    if (odk_add_overflow_ux(obj->key_data.offset, obj->key_data.length,
+                            &substring_end) ||
+        odk_add_overflow_ux(substring_end, ODK_Message_GetSize(msg), &end) ||
+        end > ODK_Message_GetCapacity(msg)) {
+      ODK_Message_SetStatus(msg, MESSAGE_STATUS_OVERFLOW_ERROR);
+      return;
+    }
+  }
 }
 
 static void Unpack_ODK_TimerLimits(ODK_Message* msg, ODK_TimerLimits* obj) {

oemcrypto/odk/src/odk_timer.c

@@ -277,7 +277,7 @@ OEMCryptoResult ODK_InitializeSessionValues(ODK_TimerLimits* timer_limits,
       nonce_values->api_minor_version = 4;
       break;
     case 19:
-      nonce_values->api_minor_version = 1;
+      nonce_values->api_minor_version = 2;
       break;
     default:
       nonce_values->api_minor_version = 0;
@@ -355,7 +355,7 @@ OEMCryptoResult ODK_AttemptFirstPlayback(uint64_t system_time_seconds,
     return OEMCrypto_ERROR_INVALID_CONTEXT;
   }
   if (rental_time < timer_limits->earliest_playback_start_seconds) {
-    clock_values->timer_status = ODK_TIMER_EXPIRED;
+    clock_values->timer_status = ODK_CLOCK_TIMER_STATUS_EXPIRED;
     return ODK_TIMER_EXPIRED;
   }
   /* If the license is inactive or not loaded, then playback is not allowed. */