## 3.4.1 (2017-08-31) Features: - Preliminary support for sublicenses and key rotation using sublicenses. BugFixes: - Fixed build failure in protobuf host tools build (relaxed compiler warning checks). - Enabled a number of more restrictive compiler checks, and fixed non-compliant code. - Mock OEMCrypto: handle case of non-aligned nonce pointer in OEMCrypto_RewrapDeviceRSAKey() and OEMCrypto_RewrapDevideRSAKey30() ## 3.3.0 (2017-05-03) Features: - Support OEMCrypto V12. Versions 8 through 11 are supported through adapters. - Bugfixes to Provisioning 3.0. - Add tool for generating Provisioning 3.0 OEM Certificates. - Add property (provisioning_messages_are_binary)to control whether CDM generates/accepts provisioning messages in binary or base64+JSON format (default is base64+JSON). - Upgrade Protobuf kit (from 2.5.0 to 2.6.1). - Add Cdm::getServiceCertificateRequest() and Cdm::parseServiceCertificateResponse(). - Add API calls for managing usage records: - Cdm::listUsageRecords - Cdm::deleteUsageRecord - Cdm::deleteAllUsageRecords - Remove automatic Service certificate fetch from CDM. - The CDM client is responsible for ensuring the CDM has a valid Service Certificate. - Add status return to report that playback is blocked by HDCP or video resolution constraints (kKeyUsageBlockedByPolicy). - Provisioning Request and Response are base64 (web-safe) protobuf messages: - The request message in an IEventListener::onDirectIndividualizationRequest() callback. - The response message in the call to Cdm::update(). Conversions and/or filtering required by a particular Provisioning Server must be performed in CDM client code. Bugfixes: - Various compiler warnings. - Provisioning 3.0 bugfixes. ## 3.2.0 (2016-12-17) Features: - Changed location for fetching protobuf kit. Still using 2.5.0. - Upgrade stringencoders to most recent release (28ae396) - Upgrade gmock 1.7.0 to googletest 1.8.0 - Remove default service certificate. - Add Cdm::listStoredLicenses(). - Break decryption buffers into 100KiB blocks if/when needed. - Add Cdm::setVideoResolution(). - Add Cdm::isProvisioned() and Cdm::removeProvisioning(). - Add Cdm::removeUsageTable(). - Change default setting of Properties::use_certificates_as_identification to TRUE. - Changes to duration semantics in PolicyEngine. - Support Provisioning v3.0. - Add support for OEM Certificate - use it in provisioning request. - Pass provider ID from service certificate to provisioning request. - Retrieve device serial number from stored DRM Device Certificate. - Upgrade to OEMCrypto V12. Bugfixes: - Add log messages for bad Keybox token. - Make HTTP transactions in unit tests more robust. - Ensure proper cleanup of offline release sessions. - Avoid potential race condition on closing CDM sessions. - Move g_cutoff earlier in Cdm::Initialize() - allows early debug messages to be suppressed. - Unit test bugfixes. ## 3.0.6 (2016-08-15) Bugfixes: - Upgraded TLS version used in HTTPS connections made by the unit tests, for compatibility with recent changes to our servers ## 3.1.0 (2016-07-18) Features: - Updates to conform to EME June 10, 2016 Specification (http://www.w3.org/TR/2016/WD-encrypted-media-20160610/) - Add per-origin storage of all persistent data. - Use EME Direct Individualization to provision devices. - Add IEventListener::onDirectIndividualizationRequest() callback. - A "license-release" message is no longer fired on calls to load(). - Add CDM entry points for generic crypto operations (Cdm::genericEncrypt(), Cdm::genericDecrypt(), Cdm::genericSign(), Cdm::genericVerify()). - Add support for CENC 3.0 and decryption of encrypted HLS content. - Add support for querying allowed usage for a key (Cdm::getKeyAllowedUsages()). - Upgrade to OEMCrypto v11. - Numerous unit test additions and improvements. - Add jsmn to third\_party/. Bugfixes: - Remove IEventListener::onMessageUrl() callback. - Don't check/validate crypto mode when Decrypt is called with unencrypted data. - Ensure keys are loaded before sending OnKeyStatusChange notifications. This avoids errors due to prematurely checking key statuses. - Correctly handle a bad RSA key. ## 3.0.5 (2015-12-16) Features: - Add openssl\_config variable for gyp-based projects which already include OpenSSL or BoringSSL Bugfixes: - Sleep between tests to avoid triggering OEMCrypto nonce-flood errors on very fast machines ## 3.0.4 (2015-12-14) Features: - Enforce storage restrictions based on the license type and policy - Updated to EME spec 2015-11-20 - Updated kPersistent to kPersistentLicense - Updated kInvalidAccess with kTypeError and kRangeError - Updated kOutputNotAllowed to kOutputRestricted - Added key status kReleased - Added new session type (kPersistentUsageRecord) used for "secure stop" - Enabled WebM-related tests for CdmEngine Bugfixes: - Fixed OEMCrypto test bugs regarding nonce-enabled and nonce-or-entry flags - Fixed build system bug to allow adding the static CDM library as a dependency of another gyp static library target - Fixed message type for service cert requests - Fixed reporting of expiration for sessions which do not expire - Fixed test bugs in which changing execution order caused test failures - Fixed bug in OEMCrypto\_DeleteUsageTable in which the empty table was not written to disk - Fixed bug in CE CDM tests in which OEMCrypto usage table data was not cleared between test runs, causing issues with duplicate PSTs ## 3.0.3 (2015-11-09) Features: - Added x86-32 build settings Bugfixes: - Fix buffer overflow in mock OEMCrypto on 32-bit systems - Fixed OEMCrypto\_RefreshKeys return value - Fixed OEMCrypto\_GenerateRSASignature return value - Fixed assertions during server certificate provisioning, triggered by a race condition - Removed spurious error messages from CdmEngine::AddKey() - Fixed PSS verification in iOS privacy crypto implementation ## 3.0.2 (2015-09-18) Features: - Updated OEMCrypto docs - Privacy crypto implementation for iOS - Now builds with strict warnings and warnings as errors - Added an extra method to IEventListener to allow integration with older versions of Chromium using prefixed EME - *NOTE: This is temporary and will be removed in a future release* Bugfixes: - Fixed support for C++11 and clang - Prevent renewal license when can\_renew is false - Fixed variable-length key ID tests - Fixed enforcement of secure buffer types for decrypt - Fix type-casting issues with various versions of OpenSSL and BoringSSL - Return kNotSupported when generateRequest called with non-Widevine initdata ## 3.0.1 (2015-09-11) Features: - Added new methods to access app parameters available on Android - Test suite is now IPv6-ready - Exposed IClient inheritance for Cdm interface - Added baked-in cert support to the mock OEMCrypto Bugfixes: - Made improvements to tests for OEMCrypto and core - Return client ID information in secure stop - Fix multiple deletions of OEMCrypto usage table entries - Don't delete offline licenses when a new device cert is provisioned - Hardened BufferReader class - Removed excess logging in PSSH parser - Fixed iOS build issues with MD5 in DeviceFiles - Fixed iOS build issues with protobuf\_config==target - Fixed bugs in OEMCrypto v9 and v10 adapters - Fixed inclusion of unit test gypis from external projects Broken compatibility: - Added a cancel() method to ITimer, needed for some timer implementations ## 3.0.0 (2015-06-19) v3.0 introduced a completely new interface which is not backward compatible with v2.x. Features: - Simplified, synchronous interface which mimics EME APIs - Support for key statuses and session expiration times - Simplified build system with fewer build-time flags - Simplified initialization with runtime settings for client info, log levels, and secure output modes - Secure output modes are explicit, and individual decrypt requests can be done in the clear (for example, for platforms with L3 audio) - Device certificates are now required for all platforms and must be provisioned during initialization if not present - Simplified storage interface with more explicit methods - New integration guide which replaces several older documents