ce_cdm/CHANGELOG.md
Googler 6d36a0c93d Source release 19.6.0
GitOrigin-RevId: 13a33e34413c19da1bfe76abcc66be519c9ac9d1
2025-06-09 23:44:53 -07:00


# Widevine CE CDM Changelog
[TOC]
## 19.6.0 (2025-06-06)
### Features
- Added "form factor" and "platform" to client ID.
### Bug Fixes
- Gracefully handle OEMCrypto_GenerateNonce() implementations that set the
nonce reference argument to zero on failure.
- Cleaned up `CertificateProvisioning` state. This prevents mismatched public
and private cert keys when an app makes multiple provisioning 4.0 requests.
- Implemented various small fixes suggested by clang-format and clang-tidy.
### Tests
- Updated `OEMCryptoClientTest.CheckBuildInformation_OutputLengthAPI17` to
accept a returned SHORT_BUFFER size that is larger than the actual required
size.
- Updated `OEMCryptoClientTest.CheckJsonBuildInformationAPI18` to treat the
JSON fields in the `ree` block as optional.
### Dependency Updates
- Updated libcppbor to 61d9bff9605ad2ffd877bd99a3bde414e21f01a2. Modified some
Android-specific include names in order to compile correctly without
Android.
## 19.5.0 (2025-04-02)
This is a minor release with bug fixes, test improvements, and dependency
updates.
### Features
- Updated `HasRootOfTrustBeenRenewed()` to detect Drm Reprovisioning
- Updated CE BCC extraction tool:
    - Added a Makefile to `wv_factory_extractor` tool
    - Added an option to run BCC validator with the tool
- Refactored `ProvisioningHolder` to separate generate, fetch, and load
operations
### Bug Fixes
- Ignored certain errors during `RemoveOfflineLicense()` for apps which have
been unprovisioned
- Allowed `key_session` to be equal to `oec_session` when removing entitled
key sessions
### Tests
- Added test `PrintClientAndServerVersionNumber` that prints the core message
info for both provisioning and license request/response
- Updated provisioning server version test to accommodate v16 responses
- Relaxed BCC validation test requirements, downgrading non-critical errors
to warnings and improving output clarity
- Added integration test to verify that renewal is not needed before renewal
delay seconds
- Added check to verify that renewals include client ID when "always includes
client ID" is true
- Updated `CdmUseCase_LicenseWithRenewal` test to verify that request has
correct info for persistent license
- Added a test to verify PST with length 127 succeeds
- Added new duration tests:
    - A test for loading licenses unrelated to the content being played back
    - Tests for the `30sSoftRental_UnlimitedPlayback` scenario
    - Tests with past and future license start time policies
    - Tests for short playback timers with unlimited rental duration
### Dependency Updates
- Updated BoringSSL to latest (e4b6d4f7)
- Updated googletest to latest (4902ea2)
## 19.4.0 (2024-11-27)
This is a minor release with bug fixes and test improvements.
### Features
- Add support for new OEMCrypto_GetBCCSignatureType() API. This API is optional
and only used on devices that support Provisioning 4 with a Phase 3 DICE
chain.
- Add credential types to client identification protobuf
- Return BCC signature type into client identification protobuf
- BCC extraction tool updates and refactoring
- Rewrite BCC, DeviceInfo and CSR Payload validators to cover info parsing,
validating and updating unit tests
- Update error codes returned by cbor/provisioning 4.0 validators to be less
severe when possible
- Add a few required fields for test-generated BCC
- Include licensing files with this release and future CE CDM releases
### Tests
- Update license release tests to accommodate differences in behavior for CE
CDM and Android
- Update some CAST tests to enforce format of the message signed by
OEMCrypto_GenerateRSASignature()
- Add tool to extract BCC and build info for BCC uploading test
- Skip usage table tests on devices that don't support usage tables
- Fix key type used in InstallOemPrivateKeyCanBeUsed test
- Re-enable OEMCrypto security tests
- Allow multiple callbacks in TestSleep class to prevent multiple classes
trying to register a callback
- Improve error logging for tests
- Add log statement on failure when device with a TEST_ONLY system ID cannot
play production content
### Bug Fixes
- Fix HLS parsing of bad content IDs
- Revert change to limit output buffer size during decrypt fallback due to
failures seen in 19.3 because the output buffer was not big enough
- Update blank OEMCrypto devsite test pages
- Small fixes to reduce compiler warnings
## 19.3.0 (2024-09-04)
This is a minor release with bug fixes and test improvements, as well as
internal code-quality cleanups that do not affect the CDM's behavior. However,
because of improvements to the BCC Factory Upload Tool, we recommend that all
partners who use this tool upgrade to version 19.3.0.
### Features
- Added workaround for OEMCrypto implementations with slightly corrupted build
information
- The BCC Factory Upload Tool supports new command-line options for dry runs,
batch checks, version-checking, and verbose output.
### Tests
- Added new tests to better validate the behavior of
`OEMCrypto_BuildInformation()`
    - Verifies output length is set correctly
    - Verifies content is ASCII JSON without trailing null bytes
    - Verifies documented JSON fields: required fields are present, and optional
      and required fields are the correct JSON types
### Bug Fixes
- Fixed decrypt failures on devices with low TEE memory caused by sending an
output buffer to decrypt that was much larger than necessary
- Several BCC Factory Upload Tool fixes:
    - Added the missing `FileSystem::Exists()` function
    - Fixed a bug causing the output to be unnecessarily padded
    - Fixed an issue where fields containing JSON were not properly escaped
## 19.2.0 (2024-06-24)
This is a minor release with bug fixes and test improvements.
### Features
- Supports up to OEMCrypto v19
- Added new test data for entitled licenses
- Added new tests for clear lead sample decryption
### Bug Fixes
- Fixed backwards compatibility issues found in License Protocol v2.2
- Improved error logging for tests
- Small fixes to reduce compiler warnings
- Fixed URL error found for tests using different license server SDK
- Skip CAS tests on non-CAS devices
## 19.1.0 (2024-03-28)
Note: Release v19.0 was skipped so that this release's version number matches
the OEMCrypto version.
CE CDM v19.1.0 includes all changes from CE CDM v18.5.0.
### Features
- Supports up to OEMCrypto v19.1, including new OEMCrypto tests introduced
since OEMCrypto v18.
- Added support for License Protocol v2.2, which uses SHA256-signed license
requests.
- Raised the minimum required version of C++ to C++17.
- Added a new error code, `kDeviceRevoked`, which requires special handling.
    - `kDeviceRevoked` may be returned from any method that processes a service
      response. It indicates that the device's root of trust has been revoked
      and is no longer trusted.
    - All service interactions will fail after this, even after a device reboot
      or factory reset. Apps may want to handle this error by using a different
      DRM system, if supported.
    - Devices that support renewal can escape this condition by renewing their
      root of trust. Root of trust renewal is outside the scope of CE CDM.
      You'll need to work directly with your Widevine contact.
- Improved code performance slightly by reducing copy operations.
- Added additional tests to check for problems when moving usage entries.
### Bug Fixes
- Fixed a potential out-of-bounds read in the logging code for certain
invalid severity level values.
- Fixed many minor issues identified via static analysis.
## 18.5.0 (2024-03-28)
Note: Releases v18.2-18.4 were skipped so that this release's version number
matches the OEMCrypto version.
CE CDM v18.5.0 includes all changes from CE CDM v17.3.0 and v18.1.0.
**It is strongly recommended** for partners to update from v18.1 to v18.5 to
address two major bugs in the CE CDM code which could result in lost offline
licenses or app crashes. See _Bug Fixes_ for 18.5.0 and 17.3.0 for details.
### Features
- Supports up to OEMCrypto v18.5, including new OEMCrypto tests introduced
since OEMCrypto v18.1.
- Added support for Cast provisioning 4.0
    - Cast uses a slightly different provisioning 4.0 protocol compared
      to non-Cast cases. The additions to the protocol are internal
      to the library, and do not require API changes for CE CDM users.
    - Additional tests are included; these tests will automatically
      be skipped for devices which do not use provisioning 4.0.
- Improved performance for unencrypted data provided via `Cdm::decrypt()`.
    - Some apps are known to always use decrypt calls, even if parts of the
      data are completely unencrypted. The CDM will now check if
      samples/sub-samples of decryption batch data can skip the decryption
      stage and instead be copied directly to the secure output.
- Various minor performance improvements
- Reduced internal data copying.
- Test runtime improvements:
- Skipped set up for unsupported features.
- Improved test data storage management.
- Removed unused internal testing fixtures.
- Compile time improvements by better dependency checks for third-party
libraries.
- CE CDM now compiles clean with `-Wunused-parameter`.
- Added support for new provisioning flow for baked-in certificates
on devices using Widevine's embedded device certificate.
    - Affected partners should check the L3 OEMCrypto documentation for
      details.
- Added new tests for CE CDM and OEMCrypto v18.5 features.
### Bug Fixes
- Fixed major issue with loss of offline licenses when stored license count
exceeds OEMCrypto's usage table size limit.
    - Issue only affects users with 300 or more downloaded offline licenses
      across all apps.
- Fixed minor issue with tests which were generating many warnings from
expected behavior.
    - These warnings did not cause the tests to fail, but created a lot of noise
      when trying to diagnose other failures.
## 17.3.0 (2024-03-28)
Note: Release v17.2 was skipped so that this release's version number matches
the OEMCrypto version.
CE CDM v17.3.0 includes all changes from CE CDM v17.1.2.
**It is strongly recommended** for partners to update from v17.1 to v17.3 to
address a major bug in the CE CDM code which could result in app crashes. See
_Bug Fixes_ for details.
### Features
- Supports OEMCrypto v17.3.0, including new OEMCrypto tests introduced in
v17.3.0.
- Added additional logging when license request fails, to help diagnose what
went wrong.
- Improved support for HDCP v1.0-1.4 version.
    - `Cdm::getStatusForHdcpVersion()` can now accept a specific HDCP 1.x minor
      version (specifically 1.0, 1.1, 1.2, 1.3, or 1.4) when checking if
      content can be decrypted.
    - The legacy behavior is still available via `Cdm::HdcpVersion::kHdcp1_x`.
    - See _Bug Fixes_ note about related bug in previous versions.
### Bug Fixes
- Fixed major issue with memory corruption when apps misuse the API by making
certain key operations before license is loaded.
    - Specifically, if an app generates a license request via
      `Cdm::generateRequest()`, then calls `Cdm::remove()` before
      `Cdm::update()` with the license response it can cause the CDM to crash.
- Fixed mistaken test failures when the CE CDM and OEMCrypto versions were not
identical.
- Fixed an issue where the OEMCrypto tests were enforcing v18 device ID
requirements on v17 integrations by mistake.
- Fixed an issue with DRM certificate serial number stability for
provisioning 4.0 devices.
    - This only affected very specific devices when going through their
      specific factory reset process.
    - Added additional tests to catch future, similar errors.
- Fixed an issue with `Cdm::getKeyStatuses()` reporting error for certain
licenses which use specific HDCP v1.x minor versions.
- Fixed an issue with URL parsing in test code for renewal requests
    - Certain tests used special URL parameters which were not properly
      accounted for in the CE CDM's test utility code; this caused tests
      to fail on otherwise working devices.
- Fixed the CAS tests sometimes not being skipped on non-CAS-supporting
devices.
- Removed tests that explicitly tested against Widevine's staging
provisioning servers.
## 18.1.0 (2023-06-23)
### Features:
- Supports and requires OEMCrypto v18.1.
- Removed support for persistent usage records. (a.k.a. Secure Stops) W3C has
removed this session type from the EME specification, and Chrome has
deprecated their equivalent session type. The following API methods have
been removed:
    - `Cdm::listUsageRecords()`
    - `Cdm::deleteUsageRecord()`
    - `Cdm::deleteAllUsageRecords()`
- There's a new host interface that integrators must implement, `ILogger`.
This interface has only one method, `log()`. It's called anytime the CE CDM
wants to log a message. This replaces the CE CDM's previous behavior of
logging all messages to `stderr`.
    - For users that just want to log messages to `stderr` as in previous CE
      CDM versions, a reference implementation is provided in `stderr_logger.h`
      that logs all messages to `stderr`.
- The `privacy_mode` parameter may now be omitted when calling
`Cdm::create()`. It defaults to `false`.
- A new event, `onExpirationChange()`, has been added to `IEventListener`.
It'll be called anytime the expiration time of a session changes.
- A new parameter, `server_url`, has been added to
`IEventListener::onMessage()`. Use of this parameter is optional, and it has
no equivalent in EME. For renewal and release messages, it'll contain a
reminder of which license service to send the message to. This can be
useful if the app doesn't want to hardcode this information or get it
out-of-band.
- Added additional logging when provisioning fails, to help diagnose what went
wrong.
- Improved specificity of the logs when a CE CDM API method returns an error.
- Added support for licenses whose renewal timers start when the license is
loaded instead of on first decryption.
- Tests that are skipped because they don't apply to the device being tested
are now marked as SKIPPED instead of PASSED.
### Bugfixes:
- Fixed errors that could occur if the OEMCrypto integration reported a minor
version number for HDCP 1.x.
- Fixed an issue where the CDM might violate the threading guarantees for
`OEMCrypto_LoadOEMPrivateKey()`.
- Fixed rare errors that could occur if two threads tried to perform usage
actions simultaneously.
- Fixed errors that would occur if an entitled key was loaded into the session
with ID zero. This could happen if OEMCrypto reuses the session IDs of
closed sessions.
### Dependency Updates:
- The bundled version of Protobuf has been updated to [v21.12][proto-v21.12].
(a.k.a. 3.21.12)
- The bundled version of BoringSSL has been updated to commit
[`e1b8685770d0e82e5a4a3c5d24ad1602e05f2e83`][boringssl-e1b868].
[proto-v21.12]: https://github.com/protocolbuffers/protobuf/releases/tag/v21.12
[boringssl-e1b868]: https://boringssl.googlesource.com/boringssl/+/e1b8685770d0e82e5a4a3c5d24ad1602e05f2e83
## 17.1.2 (2023-06-23)
### Features:
- Added APIs to support Google Cast functionality on devices whose OEMCrypto
implementations support being a Cast Receiver.
    - Note that if you plan to support Cast Receiver functionality, you must run
      the unit tests with the `--cast` flag in order to add the Cast Receiver
      unit tests to the test run.
- Added `Cdm::initDataContainsEmbeddedKeys()`, which allows clients to ask the
CE CDM whether a given initialization data blob contains embedded keys,
which may affect how it should be passed to the CDM.
- The CE CDM will now return a meaningful error instead of
`kUnexpectedError` in more cases.
- Improved logging of failed server responses during tests.
### Bugfixes:
- Fixed an issue where `Cdm::getKeyAllowedUsages()` would return the wrong
value for entitled keys.
- Fixed a rare crash that could occur when opening and closing sessions in
parallel from different threads.
- Fixed rare issues that could occur when provisioning multiple sessions in
parallel from different threads.
- Fixed an issue that could occur on some OEMCrypto implementations because
the code to restore a persistent license failed to generate a nonce before
signing a fake license request.
- Reduced the amount of "L1 Terminate" spammed to the log.
- Fixed crashes that could occur due to `OEMCrypto_GetBootCertificateChain()`
returning an empty additional signature.
- Fixed issues that could occur if multiple persistent licenses shared the
same PST.
- Improved the reliability of the parallel decrypt tests on slow OEMCrypto
implementations.
- Improved the reliability of the duration tests on slow internet connections.
## 17.1.1 (2022-11-28)
### Features:
- For platforms that _cannot_ support compile-time client info, an interface
has been added that enables runtime client info support on CE CDM 17.
Widevine still recommends using compile-time client info if possible.
    - To enable runtime client info, you must change your platform's
      `client_info_source` property to `runtime` and then set the
      `read_client_info_path` variable to point to a GYP target that implements
      `read_client_info.h`. You are responsible for providing an implementation
      of `read_client_info.h` that reads your platform's runtime client info.
    - An example of how to use runtime client info is provided in
      `platforms/example-runtime-client-info/`.
- Since the OEMCrypto Ref is no longer distributed by Widevine, the lines
offering it in `platform_properties.gypi` have been removed. It is no longer
the default OEMCrypto target.
- The example platform has been updated with its own stubbed-out
implementation of OEMCrypto. This will allow the example platform to build
without the OEMCrypto Ref but will not allow it to pass unit tests.
- The Provisioning 4.0 factory upload tool is now released alongside the CE
CDM.
### Bugfixes:
- The files `oem_cert.h` and `oem_cert.cpp` were omitted from 17.1.0 by
mistake and are now included.
- The ODK is now distributed with the CE CDM again in order to facilitate the
OEMCrypto unit tests.
- Fixed an issue where `CdmIndividualizationTest.RemoveProvisioning` would
fail for Provisioning 4.0 devices.
## 17.1.0 (2022-06-29)
**Note:** CE CDM 17.1.0 is the first release of the CE CDM 17 series. It is
numbered 17.1 to reflect that it supports and requires OEMCrypto v17.1.
### Features:
- Supports and requires OEMCrypto v17.1.
- Supports Provisioning 4.0, a new provisioning scheme that does not require
installing keyboxes in the factory. Talk to your Widevine Partner
Engineering contact if you would like to start using Provisioning 4.0.
- Includes a large number of additional tests that exercise edge-cases in the
CDM and OEMCrypto. The total run-time of the unit test suite is now very
long. As such, partners are recommended to run only a subset of the full
suite during development. Information on what subset to run and how to do
this can be found in the CE CDM Integration Guide.
    - Note that running the full test suite is still required before you can
      release your device.
- Documentation is no longer distributed with the CDM as a PDF and can now be
found on the [Widevine Developer Site][wv-devsite].
- The CE CDM no longer includes a copy of OEMCrypto with the CDM. If you are
an OEMCrypto implementer, you should have access to the
[OEMCrypto partner repository][oec-partner-repo], which contains additional
source code and information about implementing OEMCrypto, including the
Widevine-written OEMCrypto implementation, the OEMCrypto Porting Kit. (OPK)
If you are not an OEMCrypto implementer, then you will need to get an
OEMCrypto implementation from your SoC manufacturer before you can use the
CE CDM.
- Added a method to retrieve the system ID of the underlying OEMCrypto
implementation.
- Client information is no longer passed into `Cdm::initialize()` at runtime.
Instead, client information is set at compile-time and baked into the CDM
binary. New variables have been added to `platform_properties.gypi` to
support this.
- A method has been added to retrieve the client information from the CDM.
- A new example platform directory has been released, `example/`, which will
provide a cleaner base to build your own platform files from than the
previous `x86-64/` directory.
[wv-devsite]: https://developers.google.com/widevine/drm/client/ce-cdm
[oec-partner-repo]: https://widevine-partner.googlesource.com/oemcrypto/
### Dependency Updates:
- The bundled version of Protobuf has been updated to [v3.19.1][proto-3.19.1].
Note that, as before, Widevine CE CDM will work with any version of Protobuf
back to 2.6. However, we provide the version of Protobuf that we test with
internally as a default.
- The bundled version of BoringSSL has been updated to commit
[`731d6cbef936e60a04738edf4eb4fc93e187706a`][boringssl-731d6c].
- The bundled versions of googletest & googlemock have been updated to commit
[`e2f3978937c0244508135f126e2617a7734a68be`][googletest-e2f397].
[proto-3.19.1]: https://github.com/protocolbuffers/protobuf/releases/tag/v3.19.1
[boringssl-731d6c]: https://boringssl.googlesource.com/boringssl/+/731d6cbef936e60a04738edf4eb4fc93e187706a
[googletest-e2f397]: https://github.com/google/googletest/commit/e2f3978937c0244508135f126e2617a7734a68be
### Bugfixes:
**Note:** As CE CDM v17.1 contains almost two years of bugfixes since the
previous release, this list contains only highlights and is not comprehensive.
- Fixed an issue where the host interfaces could not be stored in smart
pointers due to the visibility of their destructors.
- Fixed an issue where the CDM could try to access the usage table header via
the wrong `IStorage` instance.
- Widevine now does development with a stricter set of flags and sanitizers,
which have enabled us to find and fix several issues in the code and should
allow it to build on a wider range of toolchains without customizing
compilation flags.
- Changed several log messages to format values in a more cross-platform way.
- Several crashes due to null pointers and thread-safety issues have been
fixed.
- Fixed an issue where the unit tests could crash depending on the order the
object files were linked into it.
## 16.4.0 (2020-10-09)
Features:
- The included version of the ODK has been updated to v16.4. CE CDM 16.4.0 is
required to take advantage of the changes in ODK v16.4.
- New OEMCrypto tests have been added to test whether OEMCrypto correctly
handles huge buffer size edge cases.
- The warning and error flags used by the example `x86-64` platform have been
significantly revamped with the goal of greater strictness and better GCC
compatibility. As always, these flags are strict to help Widevine detect and
debug problems and may not be the best for your platform, particularly on
debug builds. You should always use the flags that are best for your
platform.
    - As part of this, the sample `x86-64` platform now enables [ASan][asan] and
      [UBSan][ubsan] on debug builds. These have a significant memory and
      performance impact. Feel free to not enable ASan and UBSan if your
      platform does not support them or if their memory and performance impact
      are unacceptable to you. The sample `x86-64` platform does not enable ASan
      or UBSan for release builds.
    - To maximize the benefit of UBSan, the sample `x86-64` platform now turns
      on RTTI for debug builds. The Widevine CE CDM does not use RTTI and will
      still build correctly without it. Feel free to turn it off if your
      platform does not support RTTI. The sample `x86-64` platform turns off
      RTTI for release builds.
- Several changes have been made to how `build.py` handles build
configurations. (e.g. "debug" builds vs. "release" builds)
    - Previous CE CDM releases assumed that the platform's `settings.gypi` file
      would define, at a minimum, build configurations called `Debug` and
      `Release`. This requirement was undocumented, but failing to define them —
      even if your platform did not need them — would result in build failures.
      `build.py` has been reworked to not make any assumptions about what build
      configurations the platform defines. You are now free to define any build
      configuration names you like.
    - The example debug build configuration is now named `debug`. (all
      lowercase)
    - The example release build configuration is now named `release`. (all
      lowercase)
    - The `build.py` script now requires that callers explicitly indicate which
      build flavor they would like to build. There are three ways to do this:
        - The `--config` flag allows you to specify any build configuration that
          you have defined in your platform's `settings.gypi` file.
        - `--debug` is a shorthand for `--config debug`.
        - `--release` is a shorthand for `--config release`.
- License renewals are now tested against both the original licensing service
and the service specified in the license.
[asan]: https://github.com/google/sanitizers/wiki/AddressSanitizer
[ubsan]: https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html
Dependency Updates:
- The bundled version of Protobuf has been updated to [v3.12.4][proto-3.12.4].
Note that, as before, Widevine CE CDM will work with any version of Protobuf
back to 2.6. However, we provide the version of Protobuf that we test with
internally as a default.
    - This copy of Protobuf has been patched with Protobuf
      [pull request #7428][proto-pr-7428], which is necessary to let Protobuf
      3.12.4 build when RTTI is disabled.
[proto-3.12.4]: https://github.com/protocolbuffers/protobuf/releases/tag/v3.12.4
[proto-pr-7428]: https://github.com/protocolbuffers/protobuf/pull/7428
Bugfixes:
- Fixed issues preventing several offline license use cases from working on
devices that do not support usage tables.
    - If your device does not support usage tables, you *must* use CE CDM 16.4
      and ODK v16.4 to properly support offline licenses and license expiry.
      Older 16.x releases will not work.
    - We consider usage tables a standard feature, and not supporting them is an
      exception. Usage tables are used to save playback times for offline
      licenses and are needed to support several use cases that restrict
      playback duration. They are also used to support secure stops, which are
      used by several major content providers. If your device does not support
      usage tables but expects to support offline license, please talk to your
      Widevine TAM so that we may understand what is blocking this support.
      OEMCrypto is planning to make usage table support mandatory in a
      future release.
- Fixed issues that could occur if the device reports it has unlimited usage
table capacity.
- Fixed an issue where nonce-free licenses with nonzero durations would not
expire/renew correctly.
- Fixed an issue where offline licenses with offline renewals would either
fail to load or load correctly but send multiple state change messages to
the app.
- The enums exported by the CE CDM API in `cdm/include/cdm.h` now have defined
backing types. This helps avoid some benign undefined behavior.
- Fixed a crash that could occur when using OpenSSL with the CE CDM.
- Fixed some missing header errors when compiling the CE CDM with OpenSSL
instead of BoringSSL.
- Fixed several issues in the OEMCrypto unit tests that were erroneously
requiring OEMCrypto to hold onto the session key longer than required by the
OEMCrypto specification.
    - An issue where tests would sometimes derive keys from the session key
      twice.
    - An issue where tests were deriving keys from the session key too early.
- Fixed an issue where the OEMCrypto unit tests were asking OEMCrypto to read
past the end of a buffer.
- Fixed an issue where the CDM would not allow a license to be loaded and
restored in the same session.
- The OEMCrypto Reference Implementation now has more stringent
bounds-checking in some places.
- Fixed an issue where the `TimeRollbackPrevention` tests would fail on some
devices.
- Fixed an issue where the metrics unit tests could fail if the device uses
Provisioning 3.0.
- Fixed an issue where the OEMCrypto unit tests would not respond correctly if
the RSA key failed to load.
- Fixed many places where the wrong format string was being used to format
log messages. Format strings are now checked at compile-time on the sample
`x86-64` platform.
- The `build.py` script will no longer write `.pyc` files to the filesystem.
- Fixed an error that would occur on devices that return
`OEMCrypto_ERROR_NOT_IMPLEMENTED` from `OEMCrypto_SupportsDecryptHash()`.
- Fixed an issue where expiry of the renewal delay was not accurately
detected when using some OEMCrypto v16 implementations.
- Fixed an issue where debug symbols were sometimes turned on for third-party
code even when they were turned off otherwise.
- Fixed several issues in the OEMCrypto Reference Implementation where it
would crash or behave incorrectly when given huge enough buffers.
- Fixed an error when trying to do key rotation with a `kTemporary` session
with licenses from an upcoming license server release.
- Fixed a rare bug where certain usage table entries could not be reloaded if
other entries were created and loaded in a certain order.
- The CDM will now correctly treat devices with only local displays as having
no SRM version.
- Fixed some typos in `OEMCryptoCENC.h` and the OEMCrypto tests.
- The help text for the flags in `build.py` has been improved and clarified.
- The header comments in `OEMCryptoCENC.h` have had some minor revision.
## 16.3.0 (2020-07-24)
Features:
- CE CDM 16.3.0 updates the included version of OEMCrypto and its tests to
v16.3. CE CDM 16.3.0 *requires* OEMCrypto v16.3 or later. Widevine will not
be supporting OEMCrypto v16.2 any longer. Upgrading to CE CDM 16.3.0 and
OEMCrypto v16.3 is required for all partners using the 16.x release series.
    - OEMCrypto v16.3 includes several updates to the ODK code. Don't forget to
      update your OEMCrypto integrations.
- The algorithms that drive the usage tables in the CE CDM are more robust,
particularly in cases involving deleting entries and/or the table becoming
fragmented.
Bugfixes:
- Fixed a `validate_nonce` error when using `load_refresh_keys` with certain
license services.
- Fixed an issue where clear subsamples that don't make up a full sample might
be accepted when the later encrypted subsamples would be rejected.
- Fixed an issue preventing `device_files.cpp` from compiling with certain C++
STL implementations.
- Fixed an issue where nonce-free offline licenses (such as those used by
ATSC 3.0) would fail to load in the v16 ODK.
- Fixed issues where compiling with recent GCC releases and with stringent
warning checks enabled would trigger warnings that were treated as errors,
failing compilation.
- Fixed an issue where the OEMCrypto tests were deriving keys too eagerly,
causing OEMCrypto implementations with very strict state-progression checks
to fail.
- Fixed an issue that was causing the following tests to fail when used with
recent license service builds:
    - `CdmTest.RemoveUsageRecord`
    - `CdmTest.RemoveThreeUsageRecords`
    - `CdmTest.RemoveIncomplete`
    - `CdmTest.RemoveUsageRecordIncomplete`
    - `CdmRemoveTest/CdmTestWithRemoveParam.Remove/false, where GetParam() = false`
    - `CdmRemoveTest/CdmTestWithRemoveParam.Remove/true, where GetParam() = true`
- Fixed an issue with accessing the usage table when OEMCrypto had reached the
maximum number of open sessions.
- Fixed an error that could occur if an offline license's file persisted after
its usage entry had been removed.
- Fixed a buffer overrun in the test code.
- Fixed a memory leak in the test code.
- Fixed a buffer overrun in the OEMCrypto Reference implementation. We will again
remind you that the OEMCrypto Reference implementation is *not* intended for production use.
- The test `DecryptNoAnalogToClearAPI13` was no longer valid and has been
removed.
- Fixed an issue where offline licenses with a rental duration and no PST
would instantly expire because they were treated as having been rented
in 1970.
- Fixed a rare issue that could occur with Device IDs between 33 and 64 bytes
long, inclusive.
- The CE CDM now correctly handles the case when OEMCrypto reports an
unlimited usage table capacity.
## 16.2.0 (2020-04-10)
**Note:** CE CDM 16.2.0 is the first release of the CE CDM 16 series. It is
numbered 16.2 to reflect that it supports and requires OEMCrypto v16.2.
Features:
- CE CDM 16.2.0 supports and requires OEMCrypto v16.2. The OEMCrypto header
files, documentation, Reference OEMCrypto implementation, and tests have
been updated to v16.2. For a full list of new features in OEMCrypto v16,
please see the
[Widevine Modular DRM Version 16 Delta document][oec-16-delta].
- The way that license durations and renewal times are handled has changed
significantly in OEMCrypto v16. Partners should be sure they are familiar
with the new behavior, which is described in the
[License Duration and Renewal][license-duration-doc] document.
- OEMCrypto v16 *does not* support updating a device directly from OEMCrypto
v13 or earlier to v16, due to OEMCrypto v16 dropping
backwards-compatibility support for the old Usage Table format.
- OEMCrypto v16 is much more lenient about the rate at which nonces can be
generated, which can now be as high as 200 nonces per second, but it is much
stricter about the total number of nonces in flight per session, which is
now limited to just 1.
- Starting with CE CDM 16.2, the Widevine CE CDM no longer supports the 'cens'
and 'cbc1' schemas of ISO-CENC. Only 'cenc' and 'cbcs' are supported.
- Attempting to decrypt in AES-CTR mode with a nonzero pattern will now
return an error instead of invoking the 'cens' schema.
- Attempting to decrypt in AES-CBC mode with a `(0,0)` pattern will now
perform "full-sample" 'cbcs' decryption (the same as using a `(10,0)`
pattern) instead of invoking the 'cbc1' schema.
- The `Cdm::decrypt()` methods have been significantly reworked. These methods
previously took individual subsamples, one per call to the decrypt method.
Instead, it is now possible to pass one or more full samples to
`Cdm::decrypt()`. These full samples will be passed to OEMCrypto using the
new v16.2 version of `OEMCrypto_DecryptCENC()`, which also accepts multiple
full samples.
- It is no longer possible to pass partial samples to `Cdm::decrypt()`.
Callers *must* pass full samples in for decryption.
- For best performance, Widevine recommends that integrators not pass more
samples into `Cdm::decrypt()` than their OEMCrypto integration can handle.
- For instance, if you need to decrypt 4 samples and your OEMCrypto
integration only accepts a maximum of 3 samples per
`OEMCrypto_DecryptCENC()` call, it is more efficient to call
`Cdm::decrypt()` with 3 samples and then again with 1 sample than to
call `Cdm::decrypt()` with 4 samples.
- The Widevine CE CDM does not know how much data OEMCrypto can accept and
will attempt to pass as much data to OEMCrypto as you give it. If you
*do* pass more data to `Cdm::decrypt()` than your OEMCrypto integration
can handle, the Widevine CE CDM will progressively break the data up
into smaller and smaller pieces until OEMCrypto is able to accept it, a
process that has some performance cost.
- The Widevine CE CDM once again supports OpenSSL. The default is still to
build with the included copy of BoringSSL. But integration partners that
prefer to use OpenSSL and have their own OpenSSL builds can link with
OpenSSL instead by overriding the platform build variable
`privacy_crypto_impl` and setting it to the value `openssl`.
- All the platform build properties have been consolidated into one GYPI file,
`platform_properties.gypi`. These are all the variables that integration
partners may need to override to adapt the CE CDM to their platform.
Variables defined in the build system outside `platform_properties.gypi`
may not work correctly when overridden and should not be overridden in
partners' `settings.gypi` files.
- The Widevine CE CDM is now smarter about which usage data entries to evict
when the table fills up, using a Least-Recently-Used list and metadata about
which licenses have expired to choose which entries to evict.
- When subsamples were rejected by OEMCrypto with
`OEMCrypto_ERROR_BUFFER_TOO_LARGE` because they were too large, previous
Widevine CE CDM releases would break the subsamples up into 100KiB chunks.
Widevine CE CDM 16.2 will now break them up into larger chunks, up to the
"Minimum subsample buffer size" for the device's reported Resource Rating
Tier.
- The method `Cdm::update()` can now return `kNeedsDeviceCertificate` if the
licensing server requires that the device reprovision before it will send
licenses to the device.
- The method `Cdm::removeUsageTable()` has been removed, as it would no longer
do anything on OEMCrypto v16. Most users of this method should have already
migrated to `Cdm::deleteUsageRecord()` or `Cdm::deleteAllUsageRecords()`.
- The Widevine CE CDM now exposes metrics about its performance through the
method `Cdm::getMetrics()`. These metrics are not intended for integration
partner consumption but can be reported back to Google.
- `build.py` now works correctly in Python 2 or Python 3 and provides more
useful error messages.
- Additional tests have been added to catch more error conditions.
[oec-16-delta]: ./oemcrypto/docs/Widevine_Modular_DRM_Version_16_Delta.pdf
[license-duration-doc]: ./oemcrypto/docs/License_Duration_and_Renewal.pdf
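
The batching advice for `Cdm::decrypt()` above, worked through as an added example that is not Widevine code: `FakeBackend` is a hypothetical stand-in for an OEMCrypto integration with a per-call sample limit, and the halving in `DecryptWithFallback` is an assumed model of the "smaller and smaller pieces" fallback, not the CDM's actual splitting strategy. It counts backend calls for one oversized request versus requests sized to the backend's limit.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>

// Hypothetical stand-in for an OEMCrypto integration that rejects any call
// carrying more than max_samples full samples. Not the real OEMCrypto API.
struct FakeBackend {
  explicit FakeBackend(std::size_t max) : max_samples(max) {}

  std::size_t max_samples;
  std::size_t calls = 0;      // every attempt, accepted or rejected
  std::size_t rejected = 0;   // attempts rejected as too large
  std::size_t decrypted = 0;  // samples accepted

  bool Decrypt(std::size_t sample_count) {
    ++calls;
    if (sample_count > max_samples) {
      ++rejected;  // wasted round trip into the backend
      return false;
    }
    decrypted += sample_count;
    return true;
  }
};

// Assumed fallback model: try the whole request; on rejection, split it in
// half and retry each half. This model stops at one sample and does not
// split below that.
bool DecryptWithFallback(FakeBackend& backend, std::size_t sample_count) {
  if (sample_count == 0) return true;
  if (backend.Decrypt(sample_count)) return true;
  if (sample_count == 1) return false;
  const std::size_t first = sample_count / 2;
  return DecryptWithFallback(backend, first) &&
         DecryptWithFallback(backend, sample_count - first);
}

// Caller-side batching: never hand over more than batch_limit samples at
// once, so the fallback path is not triggered when batch_limit matches the
// backend's real limit.
bool DecryptInBatches(FakeBackend& backend, std::size_t sample_count,
                      std::size_t batch_limit) {
  if (batch_limit == 0) return false;
  while (sample_count > 0) {
    const std::size_t n = std::min(sample_count, batch_limit);
    if (!DecryptWithFallback(backend, n)) return false;
    sample_count -= n;
  }
  return true;
}

struct Cost {
  std::size_t calls;
  std::size_t rejected;
  std::size_t decrypted;
};

// Cost of passing every sample in one request and relying on the fallback.
Cost CostOfSingleCall(std::size_t samples, std::size_t backend_max) {
  FakeBackend backend(backend_max);
  DecryptWithFallback(backend, samples);
  return {backend.calls, backend.rejected, backend.decrypted};
}

// Cost of sizing each request to the backend's known limit.
Cost CostOfBatchedCalls(std::size_t samples, std::size_t backend_max) {
  FakeBackend backend(backend_max);
  DecryptInBatches(backend, samples, backend_max);
  return {backend.calls, backend.rejected, backend.decrypted};
}

int main() {
  const std::size_t kBackendMax = 3;  // constructed limit, as in the text
  const std::size_t sizes[] = {4, 16};
  for (std::size_t samples : sizes) {
    const Cost one = CostOfSingleCall(samples, kBackendMax);
    const Cost batched = CostOfBatchedCalls(samples, kBackendMax);
    std::printf("%zu samples: single request = %zu calls (%zu rejected), "
                "batched = %zu calls (%zu rejected)\n",
                samples, one.calls, one.rejected, batched.calls,
                batched.rejected);
  }
  return 0;
}
```

Under this model the gap widens with request size, because every rejected attempt is a wasted call and the halved pieces end up smaller than the backend's limit.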
Documentation:
- Additional errors have been marked as "recoverable." Recovery paths for them
have been documented in the [Integration Guide][integration-guide-16.2].
- `kNeedsDeviceCertificate`
- `kNeedsServiceCertificate`
- The comments for `Cdm::setServiceCertificate()` and
`Cdm::parseAndLoadServiceCertificateResponse()` have been made more
consistent.
- The documentation has been updated to reflect that Widevine does not
recommend using the compiler flags `-Wall` and `-Werror` when building the
Widevine CE CDM, even though our default build files use these flags. We
use these flags to help us catch mistakes internally, but due to differences
in the sensitivity of different compiler versions, using them when building
with your own cross-compiling toolchain often triggers harmless warnings
that are treated as errors.
- The [Widevine CE CDM Integration Guide][integration-guide-16.2] and
[OEMCrypto Version Compatibility][oec-version-compat] document have been
updated to the latest versions.
- In addition to the [OEMCrypto v16.2 Specification][oec-16], OEMCrypto v16.2
comes with several supplementary documents:
- [License Duration and Renewal][license-duration-doc]
- [OEMCrypto State Diagrams][oec-state-diagrams]
- [Widevine Core Message Serialization][core-message-doc]
[integration-guide-16.2]: ./Widevine_CE_CDM_IntegrationGuide_16.2.0.pdf
[oec-16]: ./oemcrypto/docs/WidevineModularDRMSecurityIntegrationGuideforCENC_v16.pdf
[oec-state-diagrams]: ./oemcrypto/docs/OEMCrypto_State_Diagrams.pdf
[core-message-doc]: ./oemcrypto/docs/Widevine_Core_Message_Serialization.pdf
Dependency Updates:
- The bundled version of BoringSSL has been updated to commit
[`0064c290d139b928e93a83900efe1367bc18dd03`][boringssl-0064c2].
- The bundled version of GYP has been updated to commit
[`fcd686f1880fa52a1ee78d3e98af1b88cb334528`][gyp-fcd686] in order to support
Python 3.
[boringssl-0064c2]: https://boringssl.googlesource.com/boringssl/+/0064c290d139b928e93a83900efe1367bc18dd03
[gyp-fcd686]: https://chromium.googlesource.com/external/gyp/+/fcd686f1880fa52a1ee78d3e98af1b88cb334528
Bugfixes:
- Fixed a major bug that would cause sessions to enter an unusable state where
a segfault was inevitable if any errors occurred during usage table
initialization. This included errors arising from OEMCrypto choosing not to
implement the Usage Table API, which is technically optional.
- The method `onDeferredComplete` was still present on the `IEventListener`
interface but would never be called due to changes in CDM provisioning in
version 15.0.0. This method has now been removed.
- To avoid potential thread-safety issues, the CE CDM now uses the C++11
randomness classes instead of `rand()`.
- Cleaned up many log messages to be more useful.
- The Widevine CE CDM now follows a more consistent coding style. Several
files have been reformatted to fit this style, even where there are no other
changes.
- Some unit tests have been made more robust against crashing in error cases.
- Several unit tests were previously setting the service certificate more
frequently than was necessary, which had led to confusion about the proper
way to use the CE CDM. These tests have now been changed to only set the
service certificate after initialization.
- Fixed issues where the CDM would think it had emptied the usage table when
it had not.
- The CDM will now perform fewer disk operations when deleting many usage
entries at once.
- Fixed many issues where the OEMCrypto tests would pass on the reference
implementation but fail on valid third-party implementations due to the test
being over-strict.
- Fixed an issue that could cause the Widevine CE CDM to delete unintended
files from the storage when deleting files with a wildcard.
- Made the CE CDM unit tests more robust against network communication errors.
- Fixed an issue where some unit tests were using 1023 bytes per kibibyte.
- Fixed an issue that could cause out-of-bounds memory access in one of the
OEMCrypto unit tests.
- Fixed several small bugs that could theoretically cause segfaults.
Removing Unsupported Versions:
- Widevine has removed the tags and branches for several old, unsupported CE
CDM releases from the partner repository. Widevine has always only supported
the most recent OEMCrypto version plus the two versions before it. The
Widevine CE CDM partner repository will now only contain supported releases.
- New clones of the Widevine partner repository will only contain the
supported tags and branches. Existing clones will continue to contain them,
due to the way Git works. Partners that want to clean up these old
references from their local clones can follow these steps:
- If you are running Git 2.17 or newer, just run
`git fetch --prune --prune-tags`. Note that this will also delete any
local tags you have created.
- If you are running an older version of Git or do not want to use
`--prune-tags` due to the above limitations, then:
- To prune old branches, run `git fetch --prune`.
- To prune old tags, run `git tag -l | xargs git tag -d && git fetch -t`.
Note that, just like `--prune-tags`, this command will delete any local
tags you have created.
## 15.3.0 (2020-02-11)
Bugfixes:
- A bug has been fixed that prevented HDCP 2.3 from working in previous
Widevine CE CDM releases, even those that nominally supported HDCP 2.3. All
devices wanting to support HDCP 2.3 *must* update to CE CDM 15.3.0 or later.
- A bug was preventing sessions from being created if Privacy Mode was turned
on and no service certificate had been installed for the licensing service.
This has been fixed, and it should now be possible to create sessions before
installing a service certificate, as required by EME.
- Note, however, that attempting to do a license exchange while in this
state will still return an error. Performing license exchange requires a
service certificate for the licensing service if Privacy Mode is turned
on.
- Previous CE CDM releases erroneously had two errors assigned to the
number 109. One of these errors is now number 110.
- Several OEMCrypto tests were being too stringent about the errors they
allowed to be reported when certain kinds of output protection error were
encountered. These tests have been relaxed to accept the expected error from
either `OEMCrypto_SelectKey()` or `OEMCrypto_DecryptCENC()`.
- Some issues causing incomplete output from failed CDM unit tests have been
fixed.
Features:
- It is now possible to create a CDM instance that will never write to its
storage. Such a CDM will treat its `IStorage` as read-only. Because such a
CDM instance is impossible to provision, this is only useful for ATSC 3.0,
where there is an `IStorage` instance that is pre-populated with a
certificate and licenses.
- To create such a CDM instance, pass `true` as the final parameter to a new
overload of `Cdm::create()`.
- This feature should be used for instances that use ATSC 3.0 licenses, to
protect the preloaded licenses from being overwritten.
- This feature should *only* be used for instances that use ATSC 3.0
licenses. All other CDM instances should continue to be created with
writeable storage.
- Partners that use Sandbox IDs in their OEMCrypto implementation can now pass
the Sandbox ID through the CE CDM rather than calling
`OEMCrypto_SetSandbox()` manually.
- The Sandbox ID is passed as a parameter to a new overload of
`Cdm::initialize()`.
- This feature is only useful in combination with an OEMCrypto that uses
Sandbox IDs. Most partners do not use Sandbox IDs and should continue to
use the version of `Cdm::initialize()` that does not have a Sandbox ID
parameter.
- To run the unit tests on a device that uses Sandbox IDs, you can pass a
new `--sandbox_id=<Sandbox ID>` parameter to the unit test binary to
tell it which Sandbox ID to use.
Documentation:
- Widevine has changed our recommendation for when Privacy Mode should be
turned on, and the documentation has been updated accordingly. Previously,
Widevine recommended the use of Privacy Mode whenever possible. However,
Privacy Mode has no benefit unless the CDM is being used in a web browser.
This is because web browsers visit arbitrary webpages and run untrusted
JavaScript. There is no benefit when running trusted apps, and Privacy Mode
complicates provisioning and licensing. As such, Widevine now only
recommends that Privacy Mode be turned on for web browsers. It should be
turned off for most CE devices.
- This advice applies retroactively to all previous CE CDM releases as well.
## 15.2.0 (2019-06-28)
Features:
- Updated the included OEMCrypto headers and reference code to v15.2.
- This is the first version of the CE CDM that supports OEMCrypto v15.2. Due
to changes in the threading guarantees in OEMCrypto v15.2, earlier
Widevine CE CDM 15.x releases are not safe to use with OEMCrypto v15.2
implementations.
- The OEMCrypto build information is now reported in the license request. This
information can help with debugging integration issues. Content providers
can use this information to choose what licenses to return.
- The OEMCrypto tests have been expanded and cleaned up.
Documentation:
- Clarified what integrators should return from `IStorage::size()` when there
is an error. All integrators should verify that their `IStorage::size()`
implementations adhere to the new requirements.
- The headers and documentation have been updated to emphasize that
`Cdm::removeUsageTable()` is rarely the correct method to use. Apps will
generally want to use `Cdm::deleteUsageRecord()` or
`Cdm::deleteAllUsageRecords()`.
- Expanded the documentation of the `oemcrypto_lib` property in the GYP files.
- Updated some product names in the
[OEMCrypto Version Compatibility][oec-version-compat] document.
- Previous releases incorrectly labelled the Widevine CE CDM 15.x releases as
being released in 2018. The documentation has been updated to correctly
reflect that they have been released in *2019*.
Dependency Updates:
- Widevine CE CDM now requires jsmn [v1.0.0][jsmn-1.0.0]. Previous releases
did not specify a version requirement. However, recent updates to jsmn have
made versions after v1.0.0 incompatible with Widevine CE CDM.
- The included version of jsmn is v1.0.0.
- The bundled version of Protobuf has been updated to [v3.8.0][proto-3.8.0].
Note that, as before, Widevine CE CDM will work with any version of Protobuf
back to 2.6. However, we provide the version of Protobuf that we test with
internally as a default.
- The bundled version of BoringSSL has been updated to commit
[`c0b4c72b6d4c6f4828a373ec454bd646390017d4`][boringssl-c0b4c7].
[jsmn-1.0.0]: https://github.com/zserge/jsmn/releases/tag/v1.0.0
[proto-3.8.0]: https://github.com/protocolbuffers/protobuf/releases/tag/v3.8.0
[boringssl-c0b4c7]: https://boringssl.googlesource.com/boringssl/+/c0b4c72b6d4c6f4828a373ec454bd646390017d4
Bugfixes:
- Fixed a bug that would cause decrypt to fail when using entitled key
rotation and having multiple entitlement keys loaded at the same time.
- Replaced `std::stringstream` with `std::to_string()` where possible.
- Fixed the clock-change test so that it compiles on Windows.
- Fixed a bug where the CDM would treat empty file paths as always existing,
which could result in attempts to delete an empty filename.
- Relaxed the OEMCrypto `UsageTableTest.GenerateReportWrongPST` test.
Previously, it would flag valid results with unusual buffer sizes as
failures.
- Made `OEMCryptoSessionTests.SelectKeyNotThereAPI15` more tolerant of
platforms where the error code is delayed.
- Fixed a bug where key status might be reported incorrectly because the key
container security level was not being taken into account when calculating
the key status to notify to the app. Note that this does not affect the
actual usability of the keys; the error was only in the status reported to
the app.
- The parallel execution tests now time out after 30 seconds rather than 10,
in order to be more forgiving of lower-powered devices.
- Fixed a case where the OEMCrypto Reference Implementation was accessing
the `IStorage` implementation before it was set when running the tests. This
was benign but could cause problems with other OEMCrypto implementations.
- To help catch cases like this in the future, debug builds of the CE CDM
now assert anytime `FileSystem::_impl` is `NULL`, rather than only when
it is constructed from a passed-in pointer.
- The sample `x86-64` platform files now include a define needed to enable GDB
to debug libstdc++ objects.
## 15.1.0 (2019-03-29)
Features:
- It is now possible to use opaque handles even when the OEMCrypto integration
is L3, assuming the OEMCrypto integration is able to use opaque handles.
Previously, the CE CDM blocked this combination of features.
- Methods for querying information about the underlying OEMCrypto integration
have been added to the CE CDM API.
- `Cdm::getRobustnessLevel()`
- `Cdm::getResourceRatingTier()`
- `Cdm::getOemCryptoBuildInfo()`
- Several new errors have been added to the CE CDM API. These errors are
considered "recoverable errors" because there are well-known actions the
caller can take to recover from them. These responses are covered in the
[Integration Guide][integration-guide-15.1].
- `kResourceContention`
- `kSessionStateLost`
- `kSystemStateLost`
- `kOutputTooLarge`
- Improved error reporting around entitlement licenses.
Documentation:
- The Integration Guide that shipped with CE CDM 15.0.0 did not contain
updates about the removal of `onDirectIndividualizationRequest()` and did
not contain documentation for the manual provisioning flow that replaced it.
The [Integration Guide for CE CDM 15.1.0][integration-guide-15.1] has been
updated to correct this.
- Additional comments have been added to the OEMCrypto unit tests to help
integration partners better understand what is going wrong when they get an
error. Future releases will further expand on this.
- [Widevine_OEMCrypto_Version_Compatibility.pdf][oec-version-compat] has been
updated to document the number of required keys per session in each version.
[integration-guide-15.1]: ./Widevine_CE_CDM_IntegrationGuide_15.1.0.pdf
Bugfixes:
- This release fixes a bug that caused CE CDM initialization to fail when
using opaque handles.
- The usage table unit tests have been re-enabled. Several additional tests
for new scenarios have been added.
- Several failures affecting edge cases when deleting usage table entries have
been fixed.
- The playback duration was not being counted correctly in cases where the
license had an unlimited license duration but a very short playback duration
and the license was received after playback had already started. This has
been fixed.
- The default compiler warnings for the sample "x86-64" platform have been
strengthened, while some warnings that are triggered by third-party
libraries have been disabled for only those libraries.
- Several benign problems that triggered strict compiler warning levels have
been fixed.
- An error with the `kSilent` log level that could occur with very strict
compiler or sanitizer settings has been fixed.
- Fixed a spurious error that could occur when querying the SRM version on
devices without SRM support.
- Reworded some code that was tripping up the MSVC compiler.
## 15.0.0 (2019-02-28)
Features:
- Widevine CE CDM 15.0.0 supports and requires OEMCrypto v15.1. The OEMCrypto
header files, documentation, Reference OEMCrypto implementation, and tests
have been updated to v15.1. For a full list of new features in OEMCrypto
v15, please see the
[Widevine Modular DRM Version 15 Delta document][oec-15-delta].
- Note that the threading requirements for OEMCrypto implementations were
revised in OEMCrypto v15, and the Widevine CE CDM 15.0.0 takes greater
advantage of parallelism where possible. When the application uses the
Widevine CE CDM from multiple threads, the Widevine CE CDM will now be
more willing to call into OEMCrypto simultaneously from multiple threads,
though always obeying the guarantees put forth in the
[OEMCrypto v15 specification][oec-15].
- The Widevine CE CDM now requires support for C++11 and C11. A
C++11-supporting compiler and STL library are required in order to build
the Widevine CE CDM.
- We have begun replacing POSIX functions and headers with their C++11 STL
equivalents where possible. As a side-effect of this, it should be much
easier to compile the Widevine CE CDM for non-POSIX-compliant platforms.
- The Widevine-created drop-ins for several STL classes have been replaced
with their STL equivalents. This eliminates bugs originating in these
classes and improves performance on some systems.
- `wvcdm::scoped_ptr`
- `wvcdm::shared_ptr`
- `wvcdm::Lock`
- `wvcdm::AutoLock`
- The Widevine CE CDM now builds with hidden visibility as the default and
only exports symbols that correspond to the public API of the library. This
allows the final binary to be smaller and faster and can reduce conflicts
with other libraries.
- It is now possible to set separate service certificates for the Provisioning
Service and the Licensing Service. Methods that install a service
certificate now take a parameter that indicates if this certificate is to
be installed for the Provisioning Service, the Licensing Service, or both.
- To replicate the previous behavior, pass `Cdm::kAllServices` to install
the certificate for both services at the same time.
- It is now valid to pass `nullptr` to
`Cdm::parseAndLoadServiceCertificateResponse()` if you do not want to cache
the parsed certificate for future reuse.
- The `onDirectIndividualizationRequest` callback has been removed. In
Widevine CE CDM 14.1.0, `Cdm::getProvisioningRequest()` and
`Cdm::handleProvisioningResponse()` were added to allow applications to
proactively provision unprovisioned devices. Starting with Widevine CE CDM
15.0.0, using these methods is now *mandatory*. There is no more
`onDirectIndividualizationRequest` callback, and trying to open a session,
generate a license request, or load an offline license will return an error
if the device is not provisioned.
- The existing method `Cdm::isProvisioned()` can be used to check if the
device is provisioned at run-time.
- The status code `kDeferred` has been removed.
- There is now an overload of `Cdm::decrypt()` that takes an explicit session
to use for decryption as a parameter. Ordinarily, `Cdm::decrypt()` will
automatically find the session that matches the Key ID specified in the
`input` parameter. However, there are some situations where the Key ID may
not yet be known, such as when feeding clear content through
`Cdm::decrypt()` before the Key ID is known. In these cases, it is necessary
to be explicit about which session the CDM should use for decryption.
- The Widevine CE CDM now supports Provider Client Tokens. If the license
server includes a Provider Client Token with the license, then it will be
copied to any renewal requests that are generated for that license.
- The test code has been refactored and centralized so that it will be more
reliable when running only a subset of the unit tests.
- `build.py` now supports a `-v`/`--verbose` flag that can be passed to turn
on verbose build output from the underlying build tool.
- The OEM Certificate Generator now supports both PEM and DER format
intermediate certs.
- It is now possible to specify a path to NASM. This is only of interest for
partners who are building for Windows and using assembly language code.
- We have improved logging fidelity, particularly around the level of detail
of logged error codes.
- Several new tests have been added, including tests that exercise the
Widevine CE CDM from multiple threads simultaneously.
[oec-15]: ./oemcrypto/docs/WidevineModularDRMSecurityIntegrationGuideforCENC_v15.pdf
[oec-15-delta]: ./oemcrypto/docs/Widevine_Modular_DRM_Version_15_Delta.pdf
Dependency Updates:
- The bundled version of Protobuf has been updated to [v3.6.1][proto-3.6.1].
Note that, as before, Widevine CE CDM will work with any version of Protobuf
back to 2.6. However, we provide the version of Protobuf that we test with
internally as a default.
- The bundled version of BoringSSL has been updated to commit
[`f18bd55240b229a65df48e7905da98fff18cbf59`][boringssl-f18bd5].
- The `legacy_kit` version of BoringSSL that was previously used only by the
unit test code has been removed. All Widevine CE CDM code now uses the
same version of BoringSSL.
[proto-3.6.1]: https://github.com/protocolbuffers/protobuf/releases/tag/v3.6.1
[boringssl-f18bd5]: https://boringssl.googlesource.com/boringssl/+/f18bd55240b229a65df48e7905da98fff18cbf59
Bugfixes:
- A bug has been found in all versions of the Widevine CE CDM prior to this
one that can cause leaks and crashes when the CDM is used in a
multi-threaded environment. The class `wvcdm::shared_ptr` contains
operations that it claims are atomic which are not, in fact, atomic.
This bug is a non-issue starting with CE CDM 15.0.0 because
`wvcdm::shared_ptr` has been removed, but please be aware that this issue
exists in all previous CDMs. This issue does not affect devices where the
CDM cannot be used from multiple threads at once.
- Several memory leaks have been fixed in this release. Thank you to the
partners who reported these to us.
- The new parallel operation tests have allowed us to find and fix several
multi-threading issues.
- Fixed a bug where compilation of Protobuf (but not the rest of the CDM)
would sometimes ignore compiler flags being set by the platform.
- Fixed a problem that could occur during callbacks on platforms where
pthreads does not allow the same thread to recursively take a lock.
- Two order-of-destruction ambiguities that could cause crashes during CDM
teardown on certain platforms have been fixed.
- Fixed an issue that could cause repeated decrypts with the same key to fail
when using entitled content keys, depending on specific details of how
OEMCrypto was implemented.
- The comments on `Cdm::setVideoResolution()` have been updated to clarify
that the resolution being passed in should be the resolution of the content
being played, not the output resolution of the device. The behavior of this
function is unchanged, as this was always true.
- Some log messages were missing linefeeds at the end. These have been added.
- Several tests that were disabled have been fixed and re-enabled.
- APIs that rely on selecting a usage table entry at random were not
sufficiently random in certain situations. Their selection will now be more
random.
- Note that this does *not* affect cryptographic random number generation,
which was already sufficiently random.
- Fixed some bugs that could occur when the usage table was full, particularly
if random number generation was not sufficiently random.
- Fixed spurious failures that could occur rarely during
`UsageTableHeaderTest`.
## 14.2.0 (2018-10-12)
Features:
- `build.py` now supports a `-j` flag that allows the caller to control the
level of parallelism. This flag can be specified with a number argument to
limit the build to that many processes in parallel (`build.py x86-64 -j 56`)
or can be specified bare to build with unlimited parallelism
(`build.py x86-64 -j`). On build systems without support for unlimited
parallelism, using the bare flag will instead set the limit to 1000
processes.
- The Reference OEMCrypto no longer uses `danger_do_not_use.bin`, and this
file will no longer be written to the filesystem when running tests. The
Reference OEMCrypto has no keybox. The tests install a test keybox into
OEMCrypto temporarily when they run.
Dependency Updates:
- We have cherry-picked an unreleased Protobuf 3.5.1 fix that makes it
compatible with GCC 7. Those having trouble using Protobuf 3.5.1 on GCC 7
should switch to the Protobuf included with Widevine CE CDM or should
cherry-pick commit
[`39c3654e901b4fc35386989cbad49fad8a68c024`][proto-gcc-fix].
- The bundled version of BoringSSL has been updated to commit
[`28babde159253bfa9003a445242605806fff5f1f`][boringssl-28babde1].
[proto-gcc-fix]: https://github.com/google/protobuf/commit/39c3654e901b4fc35386989cbad49fad8a68c024
[boringssl-28babde1]: https://boringssl.googlesource.com/boringssl/+/28babde159253bfa9003a445242605806fff5f1f
Bugfixes:
- A bug was introduced in CE CDM 14.0.0 that could prevent the clear lead of
a video from playing if the key was not usable, even though the samples were
not encrypted. Clear samples are now allowed through even when the key is
not usable.
- Additional locks have been added to protect sessions from concurrent access,
particularly races between destruction and other calls.
- Generating a release request and then closing and reloading the persistent
session before returning the release response was not working correctly.
This flow has been fixed.
- Various minor problems, mostly warnings being treated as errors, that
prevented the Widevine CE CDM from building cleanly on GCC 7 have been
fixed.
- `LicenseKeysTest.ConstraintChanges` was not testing all the variants it was
meant to test. It has been fixed to test the full range of constraint
scenarios again.
- Explicit references to TR1 have been removed from the test code, in order
to be compatible with the widest possible range of platforms and gTest
versions.
- Some typos in comments and names have been corrected.
- Additional comments have been added clarifying how `ITimer` will be used by
the CDM and what implementations are and are not responsible for.
- The header comments regarding how to install a service certificate were
outdated and have been updated to reflect the correct behavior of the CDM.
- The CDM will now more gracefully recover from cases where OEMCrypto has run
out of resources for storing the usage table information. This can result in
the loss of usage info if there is a large amount of unreleased usage info in
the system, beyond the minimum amount OEMCrypto must support, but it will
allow the CDM to continue working even in this state.
- The framework running the unit tests has been significantly re-architected
and should now be more robust, particularly when running only a subset of
the tests.
- Additional unit tests have been added.
- The CDM will reject, earlier in the process, erroneous content that has
embedded keys that are too short.
## 14.1.2 (2018-08-21)
Bugfixes:
- Fixed an assert that would always fail when using opaque handles for the
output type. This bug was introduced in CE CDM 14.0.0. All partners using
14.0.0 through 14.1.1 and opaque handles should update to 14.1.2.
## 14.1.1 (2018-07-25)
Bugfixes:
- A crash that could occur in `CdmSession` when destroying a CDM instance has
been fixed.
## 14.1.0 (2018-06-29)
Features:
- The OEMCrypto headers and documentation have been updated to v14.1.
- Note that although this is CE CDM 14.1.0 and it contains OEMCrypto v14.1,
the synchronization of the minor version numbers is a coincidence. We do
not guarantee that future OEMCrypto and CE CDM minor version updates will
always coincide like this. We do expect that major version updates will
coincide.
- The client identification data passed up in a provisioning request has been
expanded to match the client identification data passed up in a license
request.
- In order to protect users' privacy, this expanded client identification
data is encrypted with the provisioning server's service certificate.
- For apps using entitlement licenses, loading new entitled keys will no
longer unload the previous entitled keys. After loading new entitled keys,
both the old and new entitled keys will be available for decryption. Once
loaded, entitled keys will remain valid until the session they were loaded
into is closed.
- This does not affect the behavior of OEMCrypto. Inside OEMCrypto, there
remains at most one entitled key loaded for each entitlement key. The CE
CDM handles switching out entitled keys so that the correct entitled key
is loaded at any given time.
- It is now possible to manually provision the CE CDM, rather than relying on
the automatic generation of a provisioning request when attempting to
generate a license request on an unprovisioned system. Partners that know
they need to provision can use `Cdm::getProvisioningRequest()` and
`Cdm::handleProvisioningResponse()` to perform provisioning before trying to
open any sessions.
- A new method, `Cdm::forceRemove()`, has been added to allow the removal of
offline data associated with a license without a server roundtrip. This is
generally *not* what is desired, and this method should be used only by
partners who are certain they want to discard offline licenses and/or usage
info without the server being aware of it. Most partners will want to
continue using `Cdm::remove()` to perform a release roundtrip with the
licensing server, so that the server can track the release and record the
final usage information.
- An OEMCrypto clock rollback-prevention test has been added,
`UsageTableTest.TimeRollbackPrevention`. This test can only run if the
unit tests are being run as root, however, and is disabled automatically
when the unit tests are run as a non-root user.
- Usage information is now persisted to disk whenever a session is closed, in
addition to its existing behavior of saving periodically. This gives better
persistence at the expense of slightly more storage writes.
- Additional unit tests for existing behavior have been added.
- This changelog now has a table of contents.
- [Widevine_OEMCrypto_Version_Compatibility.pdf][oec-version-compat] has been
added, outlining the compatibility between the various Widevine CDM
releases and the various OEMCrypto versions.
- [Widevine_DRM_Device_Provisioning_Models.pdf][provisioning-models] has been
added, outlining the differences between Provisioning 2.0 and 3.0.
- The script `create_static_bundle.py` has been added to assist partners who
want to concatenate all the static libraries that make up the Widevine CE
CDM into one static library.

[oec-version-compat]: ./oemcrypto/docs/Widevine_OEMCrypto_Version_Compatibility.pdf
[provisioning-models]: ./oemcrypto/docs/Widevine_DRM_Device_Provisioning_Models.pdf

Dependency Updates:
- The bundled version of Protocol Buffers has been updated to
[v3.5.1][protobuf-3.5.1]. The Widevine CE CDM should continue to work with
any version of Protocol Buffers at or greater than v2.6, but we now
recommend v3.5.1.
- As part of this update, the compilation flags for Protocol Buffers were
changed. Depending on the flags partners use by default, they may need to
make changes to their flags to accommodate the new version of Protocol
Buffers.
- The bundled version of BoringSSL has been updated to commit
[`0080d83b9faf8dd325f5f5f92eb56faa93864e4c`][boringssl-0080d83b].

[protobuf-3.5.1]: https://github.com/google/protobuf/releases/tag/v3.5.1
[boringssl-0080d83b]: https://boringssl.googlesource.com/boringssl/+/0080d83b9faf8dd325f5f5f92eb56faa93864e4c

Bugfixes:
- Cleaned up redundant compiler flags in the sample x86-64 platform files.
- `UsageTableTest.TwoHundredEntries` was actually testing 201 entries. It has
been fixed.
- The CE CDM will now build without modification on Clang 4 and 5. Previously,
the Protobuf build triggered some warnings that were treated as errors.
- The CDM will now prevent attempts to unprovision devices that use a baked-in
device certificate in their OEMCrypto implementation, as it is not possible
to reprovision these devices.
- The documentation for `Cdm::initialize()` has been updated to make the
caller's responsibilities more explicit. The caller must ensure that the
objects passed to the library at initialization outlive the library itself.
This has always been the case, but the documentation for it has been made
clearer.
- The documentation for `Cdm::create()` was not updated to reflect the changes
in CE CDM 14.0.0 that disallowed passing `NULL` to it. The documentation has
been updated.
- The CDM now recovers more gracefully when files persisted to disk have been
corrupted.
- A race condition between `Cdm::decrypt()`, `Cdm::close()`, and periodic
timers has been fixed.
- The copyright headers on the source code files have been updated.
- Fixed a situation where the CDM might incorrectly report the expiration time
of licenses that never expire. `Cdm::getExpiration()` should now correctly
report an expiration of `-1` for these licenses. Note that the actual
expiration time was always being tracked correctly internally; it was only
being reported incorrectly to the application.
- The CE CDM already made defensive copies of the buffer parameters when
decrypting data in chunks, but it did not make defensive copies when
calling `OEMCrypto_CopyBuffer()` in chunks. This has been fixed. This
resolves issues that occurred when OEMCrypto modified the buffer parameters
in-place during calls to `OEMCrypto_CopyBuffer()`.
- Several disabled unit tests that did not need to be disabled anymore have
been re-enabled.
- Fixed a place where newer versions of Clang could not infer the correct
overload of `std::string::insert()` to call.
- The `HttpSocket` class used by the unit tests is now more resilient against
errors that occur during HTTPS communication and will retry after a delay
when it detects a retryable error.
## 14.0.0 (2018-05-16)
Features:
- Support for OEMCrypto 14, including new unit tests that exercise its
functionality. For a full list of new features in OEMCrypto 14, please see
the Widevine Modular DRM Version 14 Delta document.
- Widevine CE CDM 14.0.0 is not compatible with any previous version of
OEMCrypto. It is only compatible with OEMCrypto v14.
- Added a new overload of the `load()` function for loading keys embedded
inside a PSSH header. This allows for key rotation without multiple server
roundtrips, using entitlement licenses. See the Integration Guide for more
information.
- The version number of the Widevine CE CDM has been bumped to bring the
version numbers of OEMCrypto, the Widevine CE CDM, and the Widevine Android
CDM closer to each other. The major version number of the CE CDM will now
always be the highest version of OEMCrypto supported by that version of the
CE CDM. This is always the version of OEMCrypto that we recommend using with
the CE CDM.
- For this release, the version number is 14.0.0 to reflect that this is the
first release to support OEMCrypto 14.
- Vendors no longer need to supply a copy of either OpenSSL or BoringSSL in
order to compile the CDM. The Widevine CE CDM will now always use the copy
of BoringSSL in the `third_party/` directory, which is provided with the
CDM source code.
- When compiled as a dynamic library, the Widevine CE CDM links statically
with this copy of BoringSSL using hidden visibility. This requires no
changes on the part of partners, so long as they are using the Widevine
CE CDM as a dynamic library. The Widevine CE CDM does not export any
BoringSSL functions and no longer interacts with the platform's copy of
OpenSSL or BoringSSL.
- When using the Widevine CE CDM as a static library, partners are
responsible for providing a compatible copy of BoringSSL. The file
`third_party/boringssl/kit/BORINGSSL_REVISION` contains the hash of the
version of BoringSSL included with the CE CDM, which can be used to guide
decisions about compatible versions of BoringSSL.
- The Widevine CE CDM no longer supports OpenSSL. Those wishing to use the
CE CDM as a static library with OpenSSL will have to make small
modifications to the code where it uses BoringSSL-only APIs in order to
compile with OpenSSL.
- New build configuration setting: `asm_target_arch`
  - When building assembly language files, this setting is used to determine
    which CPU architecture's instructions to include.
  - If this flag is not set by the configuration, it defaults to `none`, which
    turns off use of assembly language completely. We strongly recommend
    overriding this default so that you receive the speed benefits of
    assembly language.
  - Valid values are:
    - `x86`
    - `x86-64`
    - `arm`
    - `arm64`
    - `ppc64`
    - `none`
- Protobuf is now compiled by default to not use RTTI support. This reduces
the size of the final binary and allows for easier support of platforms
without RTTI.
- Several additional flags have been added to the example settings.gypi in
  the `x86-64` build to reduce the size of the final binary. Partners may want
  to consider setting similar flags on their own builds.
  - `no-rtti` (Widevine CE CDM does not and has never used RTTI.)
  - `no-exceptions` (Widevine CE CDM does not and has never used exceptions.)
  - `lto`
- It is no longer permissible to pass a null `IStorage` pointer to
`Cdm::create()`. Previously, passing `NULL` would select the global/default
`IStorage` as the storage for the new CDM instance. However, starting in CE
CDM 3.5.0, the default `IStorage` began to be the storage for global data
such as the usage table header. To clarify its purpose, we are removing its
ability to do double duty as global storage and as a default for new CDM
instances.
- It is still permitted to use the same `IStorage` instance for the global
storage and as the storage for a specific CDM instance. If this is what
you intend, just pass the same pointer to both `Cdm::initialize()` and
`Cdm::create()`.
- Due to nonce flood protections in OEMCrypto, provisioning and licensing
request generation can fail due to too many requests being generated
quickly. Such failures can be retried successfully after a delay. This has
always been the case. To help in discerning when a failure is due to a nonce
flood and can be retried, these failures will now be reported as
`kQuotaExceeded` errors.
- There is a new parameter on `onKeyStatusesChange()`, `has_new_usable_key`.
This will be set to true when the status change has resulted in any new keys
becoming available. This can be used to more efficiently implement certain
EME behavior.
- A new function, `getStatusForHdcpVersion()`, has been added to the CDM
interface. This function can be used to implement `getStatusForPolicy()`
from the [EME Extension: HDCP Policy Check][eme-hdcp] proposal.
- The default service certificate used for Provisioning 3.0 has been updated
to reflect changes to the Widevine Provisioning Server.

[eme-hdcp]: https://github.com/WICG/media-capabilities/blob/master/eme-extension-policy-check.md
## 3.5.0 (2017-11-22)
Features:
- Support OEMCrypto v13.2.
- Remove c++11-specific language features and library usages. Current
standard compliance is at gnu++98.
- Supply boringssl in third_party. This is the preferred SSL implementation,
although the gyp build scripts still allow an external boringssl or OpenSSL
library to be used.
- A number of gyp build rule changes have been made to improve how
dependencies are managed and how compile and link command switches are
applied. Compiler flags are used to restrictively detect and report
potential issues.
- Support for large Usage Tables (OEMCrypto v13 feature).
- Support for SRM enforcement and update (OEMCrypto v13 feature).
- Support for embedded licenses.
- Added support for OpenSSL 1.1 (OpenSSL API changes). Earlier versions of
OpenSSL are still supported. The actual OpenSSL version being used is
checked at compile time.
- Begin migration to exclusively supporting BoringSSL.
- Add adapter and stubs for running CDM against OEMCrypto v12. Remove
the adapter for OEMCrypto v8. Currently adapters exist for OEMCrypto
versions 9 through 12.
- Add Fuzzing tests for OEMCrypto interface (work in progress).
Bugfixes:
- Numerous Usage Table fixes and improvements.
- Memory leak fixes.
- Handle non-aligned nonce pointer in RewrapDeviceRSAKey calls.
- Fix scoping errors in gyp build rules.
- Fixes to offline license handling.
## 3.4.1 (2017-08-31)
Features:
- Preliminary support for sublicenses and key rotation using sublicenses.
Bugfixes:
- Fixed build failure in protobuf host tools build (relaxed compiler
warning checks).
- Enabled a number of more restrictive compiler checks, and fixed
non-compliant code.
- Mock OEMCrypto: handle case of non-aligned nonce pointer in
OEMCrypto_RewrapDeviceRSAKey() and OEMCrypto_RewrapDeviceRSAKey30()
## 3.3.0 (2017-05-03)
Features:
- Support OEMCrypto V12. Versions 8 through 11 are supported through
adapters.
- Bugfixes to Provisioning 3.0.
- Add tool for generating Provisioning 3.0 OEM Certificates.
- Add property (provisioning_messages_are_binary) to control whether
CDM generates/accepts provisioning messages in binary or base64+JSON
format (default is base64+JSON).
- Upgrade Protobuf kit (from 2.5.0 to 2.6.1).
- Add Cdm::getServiceCertificateRequest() and
Cdm::parseServiceCertificateResponse().
- Add API calls for managing usage records:
  - Cdm::listUsageRecords
  - Cdm::deleteUsageRecord
  - Cdm::deleteAllUsageRecords
- Remove automatic Service certificate fetch from CDM.
- The CDM client is responsible for ensuring the CDM has a valid
Service Certificate.
- Add status return to report that playback is blocked by HDCP or
video resolution constraints (kKeyUsageBlockedByPolicy).
- Provisioning Request and Response are base64 (web-safe) protobuf messages:
  - The request message in an
    IEventListener::onDirectIndividualizationRequest() callback.
  - The response message in the call to Cdm::update().

  Conversions and/or filtering required by a particular Provisioning Server
  must be performed in CDM client code.
Bugfixes:
- Various compiler warnings.
- Provisioning 3.0 bugfixes.
## 3.2.0 (2016-12-17)
Features:
- Changed location for fetching protobuf kit. Still using 2.5.0.
- Upgrade stringencoders to most recent release (28ae396)
- Upgrade gmock 1.7.0 to googletest 1.8.0
- Remove default service certificate.
- Add Cdm::listStoredLicenses().
- Break decryption buffers into 100KiB blocks if/when needed.
- Add Cdm::setVideoResolution().
- Add Cdm::isProvisioned() and Cdm::removeProvisioning().
- Add Cdm::removeUsageTable().
- Change default setting of Properties::use_certificates_as_identification
to TRUE.
- Changes to duration semantics in PolicyEngine.
- Support Provisioning v3.0.
- Add support for OEM Certificate - use it in provisioning request.
- Pass provider ID from service certificate to provisioning request.
- Retrieve device serial number from stored DRM Device Certificate.
- Upgrade to OEMCrypto V12.
Bugfixes:
- Add log messages for bad Keybox token.
- Make HTTP transactions in unit tests more robust.
- Ensure proper cleanup of offline release sessions.
- Avoid potential race condition on closing CDM sessions.
- Move g_cutoff earlier in Cdm::Initialize() - allows early debug messages
to be suppressed.
- Unit test bugfixes.
## 3.0.6 (2016-08-15)
Bugfixes:
- Upgraded TLS version used in HTTPS connections made by the unit tests, for
compatibility with recent changes to our servers
## 3.1.0 (2016-07-18)
Features:
- Updates to conform to EME June 10, 2016 Specification
(http://www.w3.org/TR/2016/WD-encrypted-media-20160610/)
- Add per-origin storage of all persistent data.
- Use EME Direct Individualization to provision devices.
- Add IEventListener::onDirectIndividualizationRequest() callback.
- A "license-release" message is no longer fired on calls to load().
- Add CDM entry points for generic crypto operations (Cdm::genericEncrypt(),
Cdm::genericDecrypt(), Cdm::genericSign(), Cdm::genericVerify()).
- Add support for CENC 3.0 and decryption of encrypted HLS content.
- Add support for querying allowed usage for a key
(Cdm::getKeyAllowedUsages()).
- Upgrade to OEMCrypto v11.
- Numerous unit test additions and improvements.
- Add jsmn to third\_party/.
Bugfixes:
- Remove IEventListener::onMessageUrl() callback.
- Don't check/validate crypto mode when Decrypt is called with unencrypted
data.
- Ensure keys are loaded before sending OnKeyStatusChange notifications.
This avoids errors due to prematurely checking key statuses.
- Correctly handle a bad RSA key.
## 3.0.5 (2015-12-16)
Features:
- Add openssl\_config variable for gyp-based projects which already include
OpenSSL or BoringSSL
Bugfixes:
- Sleep between tests to avoid triggering OEMCrypto nonce-flood errors on
very fast machines
## 3.0.4 (2015-12-14)
Features:
- Enforce storage restrictions based on the license type and policy
- Updated to EME spec 2015-11-20
- Updated kPersistent to kPersistentLicense
- Updated kInvalidAccess with kTypeError and kRangeError
- Updated kOutputNotAllowed to kOutputRestricted
- Added key status kReleased
- Added new session type (kPersistentUsageRecord) used for "secure stop"
- Enabled WebM-related tests for CdmEngine
Bugfixes:
- Fixed OEMCrypto test bugs regarding nonce-enabled and nonce-or-entry flags
- Fixed build system bug to allow adding the static CDM library as a
dependency of another gyp static library target
- Fixed message type for service cert requests
- Fixed reporting of expiration for sessions which do not expire
- Fixed test bugs in which changing execution order caused test failures
- Fixed bug in OEMCrypto\_DeleteUsageTable in which the empty table was not
written to disk
- Fixed bug in CE CDM tests in which OEMCrypto usage table data was not
cleared between test runs, causing issues with duplicate PSTs
## 3.0.3 (2015-11-09)
Features:
- Added x86-32 build settings
Bugfixes:
- Fix buffer overflow in mock OEMCrypto on 32-bit systems
- Fixed OEMCrypto\_RefreshKeys return value
- Fixed OEMCrypto\_GenerateRSASignature return value
- Fixed assertions during server certificate provisioning, triggered by a
race condition
- Removed spurious error messages from CdmEngine::AddKey()
- Fixed PSS verification in iOS privacy crypto implementation
## 3.0.2 (2015-09-18)
Features:
- Updated OEMCrypto docs
- Privacy crypto implementation for iOS
- Now builds with strict warnings and warnings as errors
- Added an extra method to IEventListener to allow integration with older
versions of Chromium using prefixed EME
- *NOTE: This is temporary and will be removed in a future release*
Bugfixes:
- Fixed support for C++11 and clang
- Prevent renewal license when can\_renew is false
- Fixed variable-length key ID tests
- Fixed enforcement of secure buffer types for decrypt
- Fix type-casting issues with various versions of OpenSSL and BoringSSL
- Return kNotSupported when generateRequest called with non-Widevine initdata
## 3.0.1 (2015-09-11)
Features:
- Added new methods to access app parameters available on Android
- Test suite is now IPv6-ready
- Exposed IClient inheritance for Cdm interface
- Added baked-in cert support to the mock OEMCrypto
Bugfixes:
- Made improvements to tests for OEMCrypto and core
- Return client ID information in secure stop
- Fix multiple deletions of OEMCrypto usage table entries
- Don't delete offline licenses when a new device cert is provisioned
- Hardened BufferReader class
- Removed excess logging in PSSH parser
- Fixed iOS build issues with MD5 in DeviceFiles
- Fixed iOS build issues with protobuf\_config==target
- Fixed bugs in OEMCrypto v9 and v10 adapters
- Fixed inclusion of unit test gypis from external projects
Broken compatibility:
- Added a cancel() method to ITimer, needed for some timer implementations
## 3.0.0 (2015-06-19)
v3.0 introduced a completely new interface which is not backward compatible
with v2.x.
Features:
- Simplified, synchronous interface which mimics EME APIs
- Support for key statuses and session expiration times
- Simplified build system with fewer build-time flags
- Simplified initialization with runtime settings for client info,
log levels, and secure output modes
- Secure output modes are explicit, and individual decrypt requests can
be done in the clear (for example, for platforms with L3 audio)
- Device certificates are now required for all platforms and must be
provisioned during initialization if not present
- Simplified storage interface with more explicit methods
- New integration guide which replaces several older documents