widevine-partner/ce_cdm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
31381a1311928244cd7fa28b2e53a9e3d24b994c
ce_cdm/CHANGELOG.md
Gene Morgan 31381a1311 Source release v3.5.0
2017-11-28 17:42:16 -08:00

9.8 KiB
Raw Blame History

3.5.0 (2017-11-22)

Features:

  • Support OEMCrypto v13.2.
  • Remove c++11-specific language features and library usages. Current standard compliance is at gnu++98.
  • Supply boringssl in third_party. This is the preferred SSL implementation, although the gyp build scripts still allow an external boringssl or OpenSSL library to be used.
  • A number of gyp build rule changes have been made to improve how dependencies are managed and how compile and link command switches are applied. Compiler flags are used to restrictively detect and report potential issues.
  • Support for large Usage Tables (OEMCrypto v13 feature).
  • Support for SRM enforcement and update (OEMCrypto v13 feature).
  • Support for embedded licenses.
  • Added support for OpenSSL 1.1 (OpenSSL API changes). Earlier versions of OpenSSL 1.0 are still supported. The actual OpenSSL version being used is checked at compile time.
  • Begin migration to exclusively supporting BoringSSL.
  • Add adapter and stubs for running CDM against OEMCrypto v12. Remove the adapter for OEMCrypto v8. Currently adapters exist for OEMCrypto versions 9 through 12.
  • Add Fuzzing tests for OEMCrypto interface (work in progress).

BugFixes:

  • Numerous Usage Table fixes and improvements.
  • Memory leak fixes.
  • Handle non-aligned nonce pointer in RewrapDeviceRSAKey calls.
  • Fix scoping errors in gyp build rules.
  • Fixes to offline license handling.

3.4.1 (2017-08-31)

Features:

  • Preliminary support for sublicenses and key rotation using sublicenses.

BugFixes:

  • Fixed build failure in protobuf host tools build (relaxed compiler warning checks).
  • Enabled a number of more restrictive compiler checks, and fixed non-compliant code.
  • Mock OEMCrypto: handle case of non-aligned nonce pointer in OEMCrypto_RewrapDeviceRSAKey() and OEMCrypto_RewrapDevideRSAKey30()

3.3.0 (2017-05-03)

Features:

  • Support OEMCrypto V12. Versions 8 through 11 are supported through adapters.
  • Bugfixes to Provisioning 3.0.
  • Add tool for generating Provisioning 3.0 OEM Certificates.
  • Add property (provisioning_messages_are_binary)to control whether CDM generates/accepts provisioning messages in binary or base64+JSON format (default is base64+JSON).
  • Upgrade Protobuf kit (from 2.5.0 to 2.6.1).
  • Add Cdm::getServiceCertificateRequest() and Cdm::parseServiceCertificateResponse().
  • Add API calls for managing usage records:
    • Cdm::listUsageRecords
    • Cdm::deleteUsageRecord
    • Cdm::deleteAllUsageRecords
  • Remove automatic Service certificate fetch from CDM.
    • The CDM client is responsible for ensuring the CDM has a valid Service Certificate.
  • Add status return to report that playback is blocked by HDCP or video resolution constraints (kKeyUsageBlockedByPolicy).
  • Provisioning Request and Response are base64 (web-safe) protobuf messages:
    • The request message in an IEventListener::onDirectIndividualizationRequest() callback.
    • The response message in the call to Cdm::update(). Conversions and/or filtering required by a particular Provisioning Server must be performed in CDM client code.

Bugfixes:

  • Various compiler warnings.
  • Provisioning 3.0 bugfixes.

3.2.0 (2016-12-17)

Features:

  • Changed location for fetching protobuf kit. Still using 2.5.0.
  • Upgrade stringencoders to most recent release (28ae396)
  • Upgrade gmock 1.7.0 to googletest 1.8.0
  • Remove default service certificate.
  • Add Cdm::listStoredLicenses().
  • Break decryption buffers into 100KiB blocks if/when needed.
  • Add Cdm::setVideoResolution().
  • Add Cdm::isProvisioned() and Cdm::removeProvisioning().
  • Add Cdm::removeUsageTable().
  • Change default setting of Properties::use_certificates_as_identification to TRUE.
  • Changes to duration semantics in PolicyEngine.
  • Support Provisioning v3.0.
    • Add support for OEM Certificate - use it in provisioning request.
    • Pass provider ID from service certificate to provisioning request.
    • Retrieve device serial number from stored DRM Device Certificate.
  • Upgrade to OEMCrypto V12.

Bugfixes:

  • Add log messages for bad Keybox token.
  • Make HTTP transactions in unit tests more robust.
  • Ensure proper cleanup of offline release sessions.
  • Avoid potential race condition on closing CDM sessions.
  • Move g_cutoff earlier in Cdm::Initialize() - allows early debug messages to be suppressed.
  • Unit test bugfixes.

3.0.6 (2016-08-15)

Bugfixes:

  • Upgraded TLS version used in HTTPS connections made by the unit tests, for compatibility with recent changes to our servers

3.1.0 (2016-07-18)

Features:

  • Updates to conform to EME June 10, 2016 Specification (http://www.w3.org/TR/2016/WD-encrypted-media-20160610/)
    • Add per-origin storage of all persistent data.
    • Use EME Direct Individualization to provision devices.
    • Add IEventListener::onDirectIndividualizationRequest() callback.
    • A "license-release" message is no longer fired on calls to load().
  • Add CDM entry points for generic crypto operations (Cdm::genericEncrypt(), Cdm::genericDecrypt(), Cdm::genericSign(), Cdm::genericVerify()).
  • Add support for CENC 3.0 and decryption of encrypted HLS content.
  • Add support for querying allowed usage for a key (Cdm::getKeyAllowedUsages()).
  • Upgrade to OEMCrypto v11.
  • Numerous unit test additions and improvements.
  • Add jsmn to third_party/.

Bugfixes:

  • Remove IEventListener::onMessageUrl() callback.
  • Don't check/validate crypto mode when Decrypt is called with unencrypted data.
  • Ensure keys are loaded before sending OnKeyStatusChange notifications. This avoids errors due to prematurely checking key statuses.
  • Correctly handle a bad RSA key.

3.0.5 (2015-12-16)

Features:

  • Add openssl_config variable for gyp-based projects which already include OpenSSL or BoringSSL

Bugfixes:

  • Sleep between tests to avoid triggering OEMCrypto nonce-flood errors on very fast machines

3.0.4 (2015-12-14)

Features:

  • Enforce storage restrictions based on the license type and policy
  • Updated to EME spec 2015-11-20
    • Updated kPersistent to kPersistentLicense
    • Updated kInvalidAccess with kTypeError and kRangeError
    • Updated kOutputNotAllowed to kOutputRestricted
    • Added key status kReleased
    • Added new session type (kPersistentUsageRecord) used for "secure stop"
  • Enabled WebM-related tests for CdmEngine

Bugfixes:

  • Fixed OEMCrypto test bugs regarding nonce-enabled and nonce-or-entry flags
  • Fixed build system bug to allow adding the static CDM library as a dependency of another gyp static library target
  • Fixed message type for service cert requests
  • Fixed reporting of expiration for sessions which do not expire
  • Fixed test bugs in which changing execution order caused test failures
  • Fixed bug in OEMCrypto_DeleteUsageTable in which the empty table was not written to disk
  • Fixed bug in CE CDM tests in which OEMCrypto usage table data was not cleared between test runs, causing issues with duplicate PSTs

3.0.3 (2015-11-09)

Features:

  • Added x86-32 build settings

Bugfixes:

  • Fix buffer overflow in mock OEMCrypto on 32-bit systems
  • Fixed OEMCrypto_RefreshKeys return value
  • Fixed OEMCrypto_GenerateRSASignature return value
  • Fixed assertions during server certificate provisioning, triggered by a race condition
  • Removed spurious error messages from CdmEngine::AddKey()
  • Fixed PSS verification in iOS privacy crypto implementation

3.0.2 (2015-09-18)

Features:

  • Updated OEMCrypto docs
  • Privacy crypto implementation for iOS
  • Now builds with strict warnings and warnings as errors
  • Added an extra method to IEventListener to allow integration with older versions of Chromium using prefixed EME
    • NOTE: This is temporary and will be removed in a future release

Bugfixes:

  • Fixed support for C++11 and clang
  • Prevent renewal license when can_renew is false
  • Fixed variable-length key ID tests
  • Fixed enforcement of secure buffer types for decrypt
  • Fix type-casting issues with various versions of OpenSSL and BoringSSL
  • Return kNotSupported when generateRequest called with non-Widevine initdata

3.0.1 (2015-09-11)

Features:

  • Added new methods to access app parameters available on Android
  • Test suite is now IPv6-ready
  • Exposed IClient inheritance for Cdm interface
  • Added baked-in cert support to the mock OEMCrypto

Bugfixes:

  • Made improvements to tests for OEMCrypto and core
  • Return client ID information in secure stop
  • Fix multiple deletions of OEMCrypto usage table entries
  • Don't delete offline licenses when a new device cert is provisioned
  • Hardened BufferReader class
  • Removed excess logging in PSSH parser
  • Fixed iOS build issues with MD5 in DeviceFiles
  • Fixed iOS build issues with protobuf_config==target
  • Fixed bugs in OEMCrypto v9 and v10 adapters
  • Fixed inclusion of unit test gypis from external projects

Broken compatibility:

  • Added a cancel() method to ITimer, needed for some timer implementations

3.0.0 (2015-06-19)

v3.0 introduced a completely new interface which is not backward compatible with v2.x.

Features:

  • Simplified, synchronous interface which mimics EME APIs
  • Support for key statuses and session expiration times
  • Simplified build system with fewer build-time flags
  • Simplified initialization with runtime settings for client info, log levels, and secure output modes
  • Secure output modes are explicit, and individual decrypt requests can be done in the clear (for example, for platforms with L3 audio)
  • Device certificates are now required for all platforms and must be provisioned during initialization if not present
  • Simplified storage interface with more explicit methods
  • New integration guide which replaces several older documents