348 lines
15 KiB
Markdown
348 lines
15 KiB
Markdown
# Widevine CE CDM Changelog
|
|
|
|
## 14.0.0 (2018-05-16)
|
|
|
|
Features:
|
|
- Support for OEMCrypto 14, including new unit tests that exercise its
|
|
functionality. For a full list of new features in OEMCrypto 14, please see
|
|
the Widevine Modular DRM Version 14 Delta document.
|
|
- Widevine CE CDM 14.0.0 is not compatible with any previous version of
|
|
OEMCrypto. It is only compatible with OEMCrypto v14.
|
|
- Added a new overload of the `load()` function for loading keys embedded
|
|
inside a PSSH header. This allows for key rotation without multiple server
|
|
roundtrips, using entitlement licenses. See the Integration Guide for more
|
|
information.
|
|
- The version number of the Widevine CE CDM has been bumped to bring the
|
|
version numbers of OEMCrypto, the Widevine CE CDM, and the Widevine Android
|
|
CDM closer to each other. The major version number of the CE CDM will now
|
|
always be the highest version of OEMCrypto supported by that version of the
|
|
CE CDM. This is always the version of OEMCrypto that we recommend using with
|
|
the CE CDM.
|
|
- For this release, the version number is 14.0.0 to reflect that this is the
|
|
first release to support OEMCrypto 14.
|
|
- Vendors no longer need to supply a copy of either OpenSSL or BoringSSL in
|
|
order to compile the CDM. The Widevine CE CDM will now always use the copy
|
|
of BoringSSL in the `third_party/` directory, which is provided with the
|
|
CDM source code.
|
|
- When compiled as a dynamic library, the Widevine CE CDM links statically
|
|
with this copy of BoringSSL using hidden visibility. This requires no
|
|
changes on the part of partners, so long as they are using the Widevine
|
|
CE CDM as a dynamic library. The Widevine CE CDM does not export any
|
|
BoringSSL functions and no longer interacts with the platform's copy of
|
|
OpenSSL or BoringSSL.
|
|
- When using the Widevine CE CDM as a static library, partners are
|
|
responsible for providing a compatible copy of BoringSSL. The file
|
|
`third_party/boringssl/kit/BORINGSSL_REVISION` contains the hash of the
|
|
version of BoringSSL included with the CE CDM, which can be used to guide
|
|
decisions about compatible versions of BoringSSL.
|
|
- The Widevine CE CDM no longer supports OpenSSL. Those wishing to use the
|
|
CE CDM as a static libary with OpenSSL will have to make small
|
|
modifications to the code where it uses BoringSSL-only APIs in order to
|
|
compile with OpenSSL.
|
|
- New build configuration setting: `asm_target_arch`
|
|
- When building assembly language files, this setting is used to determine
|
|
which CPU architecture's instructions to include.
|
|
- If this flag is not set by the configuration, it defaults to `none`, which
|
|
turns off use of assembly language completely. We strongly recommend
|
|
overriding this default so that you receive the speed benefits of
|
|
assembly language.
|
|
- Valid values are:
|
|
- `x86`
|
|
- `x86-64`
|
|
- `arm`
|
|
- `arm64`
|
|
- `ppc64`
|
|
- `none`
|
|
- Protobuf is now compiled by default to not use RTTI support. This reduces
|
|
the size of the final binary and allows for easier support of platforms
|
|
without RTTI.
|
|
- Several additional flags have been added to the example settings.gypi in
|
|
the `x86-64` build to reduce the size of the final binary. Partners may want
|
|
to consider setting similar flags on their own builds.
|
|
- `no-rtti` (Widevine CE CDM does not and has never used RTTI.)
|
|
- `no-exceptions` (Widevine CE CDM does not and has never used exceptions.)
|
|
- `lto`
|
|
- It is no longer permissible to pass a null `IStorage` pointer to
|
|
`Cdm::create()`. Previously, passing `NULL` would select the global/default
|
|
`IStorage` as the storage for the new CDM instance. However, starting in CE
|
|
CDM 3.5.0, the default `IStorage` began to be the storage for global data
|
|
such as the usage table header. To clarify its purpose, we are removing its
|
|
ability to do double duty as global storage and as a default for new CDM
|
|
instances.
|
|
- It is still permitted to use the same `IStorage` instance for the global
|
|
storage and as the storage for a specific CDM instance. If this is what
|
|
you intend, just pass the same pointer to both `Cdm::initialize()` and
|
|
`Cdm::create()`.
|
|
- Due to nonce flood protections in OEMCrypto, provisioning and licensing
|
|
request generation can fail due to too many requests being generated
|
|
quickly. Such failures can be retried successfully after a delay. This has
|
|
always been the case. To help in discerning when a failure is due to a nonce
|
|
flood and can be retried, these failures will now be reported as
|
|
`kQuotaExceeded` errors.
|
|
- There is a new parameter on `onKeyStatusesChange()`, `has_new_usable_key`.
|
|
This will be set to true when the status change has resulted in any new keys
|
|
becoming available. This can be used to more efficiently implement certain
|
|
EME behavior.
|
|
- A new function, `getStatusForHdcpVersion()` has been added to the CDM
|
|
interface. This function can be used to implement `getStatusForPolicy()`
|
|
from the [EME Extension: HDCP Policy Check][eme-hdcp] proposal.
|
|
- The default service certificate used for Provisioning 3.0 has been updated
|
|
to reflect changes to the Widevine Provisioning Server.
|
|
|
|
[eme-hdcp]: https://github.com/WICG/media-capabilities/blob/master/eme-extension-policy-check.md
|
|
|
|
## 3.5.0 (2017-11-22)
|
|
|
|
Features:
|
|
- Support OEMCrypto v13.2.
|
|
- Remove c++11-specific language features and library usages. Current
|
|
standard compliance is at gnu++98.
|
|
- Supply boringssl in third_party. This is the preferred SSL implementation,
|
|
although the gyp build scripts still allow an external boringssl or OpenSSL
|
|
library to be used.
|
|
- A number of gyp build rule changes have been made to improve how
|
|
dependencies are managed and how compile and link command switches are
|
|
applied. Compiler flags are used to restrictively detect and report
|
|
potential issues.
|
|
- Support for large Usage Tables (OEMCrypto v13 feature).
|
|
- Support for SRM enforcement and update (OEMCrypto v13 feature).
|
|
- Support for embedded licenses.
|
|
- Added support for OpenSSL 1.1 (OpenSSL API changes). Earlier versions of
|
|
OpenSSL are still supported. The actual OpenSSL version being used is
|
|
checked at compile time.
|
|
- Begin migration to exclusively supporting BoringSSL.
|
|
- Add adapter and stubs for running CDM against OEMCrypto v12. Remove
|
|
the adapter for OEMCrypto v8. Currently adapters exist for OEMCrypto
|
|
versions 9 through 12.
|
|
- Add Fuzzing tests for OEMCrypto interface (work in progress).
|
|
|
|
BugFixes:
|
|
- Numerous Usage Table fixes and improvements.
|
|
- Memory leak fixes.
|
|
- Handle non-aligned nonce pointer in RewrapDeviceRSAKey calls.
|
|
- Fix scoping errors in gyp build rules.
|
|
- Fixes to offline license handling.
|
|
|
|
## 3.4.1 (2017-08-31)
|
|
|
|
Features:
|
|
- Preliminary support for sublicenses and key rotation using sublicenses.
|
|
|
|
BugFixes:
|
|
- Fixed build failure in protobuf host tools build (relaxed compiler
|
|
warning checks).
|
|
- Enabled a number of more restrictive compiler checks, and fixed
|
|
non-compliant code.
|
|
- Mock OEMCrypto: handle case of non-aligned nonce pointer in
|
|
OEMCrypto_RewrapDeviceRSAKey() and OEMCrypto_RewrapDevideRSAKey30()
|
|
|
|
## 3.3.0 (2017-05-03)
|
|
|
|
Features:
|
|
- Support OEMCrypto V12. Versions 8 through 11 are supported through
|
|
adapters.
|
|
- Bugfixes to Provisioning 3.0.
|
|
- Add tool for generating Provisioning 3.0 OEM Certificates.
|
|
- Add property (provisioning_messages_are_binary)to control whether
|
|
CDM generates/accepts provisioning messages in binary or base64+JSON
|
|
format (default is base64+JSON).
|
|
- Upgrade Protobuf kit (from 2.5.0 to 2.6.1).
|
|
- Add Cdm::getServiceCertificateRequest() and
|
|
Cdm::parseServiceCertificateResponse().
|
|
- Add API calls for managing usage records:
|
|
- Cdm::listUsageRecords
|
|
- Cdm::deleteUsageRecord
|
|
- Cdm::deleteAllUsageRecords
|
|
- Remove automatic Service certificate fetch from CDM.
|
|
- The CDM client is responsible for ensuring the CDM has a valid
|
|
Service Certificate.
|
|
- Add status return to report that playback is blocked by HDCP or
|
|
video resolution constraints (kKeyUsageBlockedByPolicy).
|
|
- Provisioning Request and Response are base64 (web-safe) protobuf messages:
|
|
- The request message in an
|
|
IEventListener::onDirectIndividualizationRequest() callback.
|
|
- The response message in the call to Cdm::update().
|
|
Conversions and/or filtering required by a particular Provisioning Server
|
|
must be performed in CDM client code.
|
|
|
|
Bugfixes:
|
|
- Various compiler warnings.
|
|
- Provisioning 3.0 bugfixes.
|
|
|
|
## 3.2.0 (2016-12-17)
|
|
|
|
Features:
|
|
- Changed location for fetching protobuf kit. Still using 2.5.0.
|
|
- Upgrade stringencoders to most recent release (28ae396)
|
|
- Upgrade gmock 1.7.0 to googletest 1.8.0
|
|
- Remove default service certificate.
|
|
- Add Cdm::listStoredLicenses().
|
|
- Break decryption buffers into 100KiB blocks if/when needed.
|
|
- Add Cdm::setVideoResolution().
|
|
- Add Cdm::isProvisioned() and Cdm::removeProvisioning().
|
|
- Add Cdm::removeUsageTable().
|
|
- Change default setting of Properties::use_certificates_as_identification
|
|
to TRUE.
|
|
- Changes to duration semantics in PolicyEngine.
|
|
- Support Provisioning v3.0.
|
|
- Add support for OEM Certificate - use it in provisioning request.
|
|
- Pass provider ID from service certificate to provisioning request.
|
|
- Retrieve device serial number from stored DRM Device Certificate.
|
|
- Upgrade to OEMCrypto V12.
|
|
|
|
Bugfixes:
|
|
- Add log messages for bad Keybox token.
|
|
- Make HTTP transactions in unit tests more robust.
|
|
- Ensure proper cleanup of offline release sessions.
|
|
- Avoid potential race condition on closing CDM sessions.
|
|
- Move g_cutoff earlier in Cdm::Initialize() - allows early debug messages
|
|
to be suppressed.
|
|
- Unit test bugfixes.
|
|
|
|
## 3.0.6 (2016-08-15)
|
|
|
|
Bugfixes:
|
|
- Upgraded TLS version used in HTTPS connections made by the unit tests, for
|
|
compatibility with recent changes to our servers
|
|
|
|
|
|
## 3.1.0 (2016-07-18)
|
|
|
|
Features:
|
|
- Updates to conform to EME June 10, 2016 Specification
|
|
(http://www.w3.org/TR/2016/WD-encrypted-media-20160610/)
|
|
- Add per-origin storage of all persistent data.
|
|
- Use EME Direct Individualization to provision devices.
|
|
- Add IEventListener::onDirectIndividualizationRequest() callback.
|
|
- A "license-release" message is no longer fired on calls to load().
|
|
- Add CDM entry points for generic crypto operations (Cdm::genericEncrypt(),
|
|
Cdm::genericDecrypt(), Cdm::genericSign(), Cdm::genericVerify()).
|
|
- Add support for CENC 3.0 and decryption of encrypted HLS content.
|
|
- Add support for querying allowed usage for a key
|
|
(Cdm::getKeyAllowedUsages()).
|
|
- Upgrade to OEMCrypto v11.
|
|
- Numerous unit test additions and improvements.
|
|
- Add jsmn to third\_party/.
|
|
|
|
Bugfixes:
|
|
- Remove IEventListener::onMessageUrl() callback.
|
|
- Don't check/validate crypto mode when Decrypt is called with unencrypted
|
|
data.
|
|
- Ensure keys are loaded before sending OnKeyStatusChange notifications.
|
|
This avoids errors due to prematurely checking key statuses.
|
|
- Correctly handle a bad RSA key.
|
|
|
|
|
|
## 3.0.5 (2015-12-16)
|
|
|
|
Features:
|
|
- Add openssl\_config variable for gyp-based projects which already include
|
|
OpenSSL or BoringSSL
|
|
|
|
Bugfixes:
|
|
- Sleep between tests to avoid triggering OEMCrypto nonce-flood errors on
|
|
very fast machines
|
|
|
|
|
|
## 3.0.4 (2015-12-14)
|
|
|
|
Features:
|
|
- Enforce storage restrictions based on the license type and policy
|
|
- Updated to EME spec 2015-11-20
|
|
- Updated kPersistent to kPersistentLicense
|
|
- Updated kInvalidAccess with kTypeError and kRangeError
|
|
- Updated kOutputNotAllowed to kOutputRestricted
|
|
- Added key status kReleased
|
|
- Added new session type (kPersistentUsageRecord) used for "secure stop"
|
|
- Enabled WebM-related tests for CdmEngine
|
|
|
|
Bugfixes:
|
|
- Fixed OEMCrypto test bugs regarding nonce-enabled and nonce-or-entry flags
|
|
- Fixed build system bug to allow adding the static CDM library as a
|
|
dependency of another gyp static library target
|
|
- Fixed message type for service cert requests
|
|
- Fixed reporting of expiration for sessions which do not expire
|
|
- Fixed test bugs in which changing execution order caused test failures
|
|
- Fixed bug in OEMCrypto\_DeleteUsageTable in which the empty table was not
|
|
written to disk
|
|
- Fixed bug in CE CDM tests in which OEMCrypto usage table data was not
|
|
cleared between test runs, causing issues with duplicate PSTs
|
|
|
|
|
|
## 3.0.3 (2015-11-09)
|
|
|
|
Features:
|
|
- Added x86-32 build settings
|
|
|
|
Bugfixes:
|
|
- Fix buffer overflow in mock OEMCrypto on 32-bit systems
|
|
- Fixed OEMCrypto\_RefreshKeys return value
|
|
- Fixed OEMCrypto\_GenerateRSASignature return value
|
|
- Fixed assertions during server certificate provisioning, triggered by a
|
|
race condition
|
|
- Removed spurious error messages from CdmEngine::AddKey()
|
|
- Fixed PSS verification in iOS privacy crypto implementation
|
|
|
|
|
|
## 3.0.2 (2015-09-18)
|
|
|
|
Features:
|
|
- Updated OEMCrypto docs
|
|
- Privacy crypto implementation for iOS
|
|
- Now builds with strict warnings and warnings as errors
|
|
- Added an extra method to IEventListener to allow integration with older
|
|
versions of Chromium using prefixed EME
|
|
- *NOTE: This is temporary and will be removed in a future release*
|
|
|
|
Bugfixes:
|
|
- Fixed support for C++11 and clang
|
|
- Prevent renewal license when can\_renew is false
|
|
- Fixed variable-length key ID tests
|
|
- Fixed enforcement of secure buffer types for decrypt
|
|
- Fix type-casting issues with various versions of OpenSSL and BoringSSL
|
|
- Return kNotSupported when generateRequest called with non-Widevine initdata
|
|
|
|
|
|
## 3.0.1 (2015-09-11)
|
|
|
|
Features:
|
|
- Added new methods to access app parameters available on Android
|
|
- Test suite is now IPv6-ready
|
|
- Exposed IClient inheritance for Cdm interface
|
|
- Added baked-in cert support to the mock OEMCrypto
|
|
|
|
Bugfixes:
|
|
- Made improvements to tests for OEMCrypto and core
|
|
- Return client ID information in secure stop
|
|
- Fix multiple deletions of OEMCrypto usage table entries
|
|
- Don't delete offline licenses when a new device cert is provisioned
|
|
- Hardened BufferReader class
|
|
- Removed excess logging in PSSH parser
|
|
- Fixed iOS build issues with MD5 in DeviceFiles
|
|
- Fixed iOS build issues with protobuf\_config==target
|
|
- Fixed bugs in OEMCrypto v9 and v10 adapters
|
|
- Fixed inclusion of unit test gypis from external projects
|
|
|
|
Broken compatibility:
|
|
- Added a cancel() method to ITimer, needed for some timer implementations
|
|
|
|
|
|
## 3.0.0 (2015-06-19)
|
|
|
|
v3.0 introduced a completely new interface which is not backward compatible
|
|
with v2.x.
|
|
|
|
Features:
|
|
- Simplified, synchronous interface which mimics EME APIs
|
|
- Support for key statuses and session expiration times
|
|
- Simplified build system with fewer build-time flags
|
|
- Simplified initialization with runtime settings for client info,
|
|
log levels, and secure output modes
|
|
- Secure output modes are explicit, and individual decrypt requests can
|
|
be done in the clear (for example, for platforms with L3 audio)
|
|
- Device certificates are now required for all platforms and must be
|
|
provisioned during initialization if not present
|
|
- Simplified storage interface with more explicit methods
|
|
- New integration guide which replaces several older documents
|
|
|