widevine-partner/ce_cdm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
501c22890d4d11d3450f0d59005a4f2196b82e58
ce_cdm/CHANGELOG.md

8.4 KiB
Raw Blame History

3.4.1 (2017-08-31)

Features:

  • Preliminary support for sublicenses and key rotation using sublicenses.

BugFixes:

  • Fixed build failure in protobuf host tools build (relaxed compiler warning checks).
  • Enabled a number of more restrictive compiler checks, and fixed non-compliant code.
  • Mock OEMCrypto: handle case of non-aligned nonce pointer in OEMCrypto_RewrapDeviceRSAKey() and OEMCrypto_RewrapDevideRSAKey30()

3.3.0 (2017-05-03)

Features:

  • Support OEMCrypto V12. Versions 8 through 11 are supported through adapters.
  • Bugfixes to Provisioning 3.0.
  • Add tool for generating Provisioning 3.0 OEM Certificates.
  • Add property (provisioning_messages_are_binary)to control whether CDM generates/accepts provisioning messages in binary or base64+JSON format (default is base64+JSON).
  • Upgrade Protobuf kit (from 2.5.0 to 2.6.1).
  • Add Cdm::getServiceCertificateRequest() and Cdm::parseServiceCertificateResponse().
  • Add API calls for managing usage records:
    • Cdm::listUsageRecords
    • Cdm::deleteUsageRecord
    • Cdm::deleteAllUsageRecords
  • Remove automatic Service certificate fetch from CDM.
    • The CDM client is responsible for ensuring the CDM has a valid Service Certificate.
  • Add status return to report that playback is blocked by HDCP or video resolution constraints (kKeyUsageBlockedByPolicy).
  • Provisioning Request and Response are base64 (web-safe) protobuf messages:
    • The request message in an IEventListener::onDirectIndividualizationRequest() callback.
    • The response message in the call to Cdm::update(). Conversions and/or filtering required by a particular Provisioning Server must be performed in CDM client code.

Bugfixes:

  • Various compiler warnings.
  • Provisioning 3.0 bugfixes.

3.2.0 (2016-12-17)

Features:

  • Changed location for fetching protobuf kit. Still using 2.5.0.
  • Upgrade stringencoders to most recent release (28ae396)
  • Upgrade gmock 1.7.0 to googletest 1.8.0
  • Remove default service certificate.
  • Add Cdm::listStoredLicenses().
  • Break decryption buffers into 100KiB blocks if/when needed.
  • Add Cdm::setVideoResolution().
  • Add Cdm::isProvisioned() and Cdm::removeProvisioning().
  • Add Cdm::removeUsageTable().
  • Change default setting of Properties::use_certificates_as_identification to TRUE.
  • Changes to duration semantics in PolicyEngine.
  • Support Provisioning v3.0.
    • Add support for OEM Certificate - use it in provisioning request.
    • Pass provider ID from service certificate to provisioning request.
    • Retrieve device serial number from stored DRM Device Certificate.
  • Upgrade to OEMCrypto V12.

Bugfixes:

  • Add log messages for bad Keybox token.
  • Make HTTP transactions in unit tests more robust.
  • Ensure proper cleanup of offline release sessions.
  • Avoid potential race condition on closing CDM sessions.
  • Move g_cutoff earlier in Cdm::Initialize() - allows early debug messages to be suppressed.
  • Unit test bugfixes.

3.0.6 (2016-08-15)

Bugfixes:

  • Upgraded TLS version used in HTTPS connections made by the unit tests, for compatibility with recent changes to our servers

3.1.0 (2016-07-18)

Features:

  • Updates to conform to EME June 10, 2016 Specification (http://www.w3.org/TR/2016/WD-encrypted-media-20160610/)
    • Add per-origin storage of all persistent data.
    • Use EME Direct Individualization to provision devices.
    • Add IEventListener::onDirectIndividualizationRequest() callback.
    • A "license-release" message is no longer fired on calls to load().
  • Add CDM entry points for generic crypto operations (Cdm::genericEncrypt(), Cdm::genericDecrypt(), Cdm::genericSign(), Cdm::genericVerify()).
  • Add support for CENC 3.0 and decryption of encrypted HLS content.
  • Add support for querying allowed usage for a key (Cdm::getKeyAllowedUsages()).
  • Upgrade to OEMCrypto v11.
  • Numerous unit test additions and improvements.
  • Add jsmn to third_party/.

Bugfixes:

  • Remove IEventListener::onMessageUrl() callback.
  • Don't check/validate crypto mode when Decrypt is called with unencrypted data.
  • Ensure keys are loaded before sending OnKeyStatusChange notifications. This avoids errors due to prematurely checking key statuses.
  • Correctly handle a bad RSA key.

3.0.5 (2015-12-16)

Features:

  • Add openssl_config variable for gyp-based projects which already include OpenSSL or BoringSSL

Bugfixes:

  • Sleep between tests to avoid triggering OEMCrypto nonce-flood errors on very fast machines

3.0.4 (2015-12-14)

Features:

  • Enforce storage restrictions based on the license type and policy
  • Updated to EME spec 2015-11-20
    • Updated kPersistent to kPersistentLicense
    • Updated kInvalidAccess with kTypeError and kRangeError
    • Updated kOutputNotAllowed to kOutputRestricted
    • Added key status kReleased
    • Added new session type (kPersistentUsageRecord) used for "secure stop"
  • Enabled WebM-related tests for CdmEngine

Bugfixes:

  • Fixed OEMCrypto test bugs regarding nonce-enabled and nonce-or-entry flags
  • Fixed build system bug to allow adding the static CDM library as a dependency of another gyp static library target
  • Fixed message type for service cert requests
  • Fixed reporting of expiration for sessions which do not expire
  • Fixed test bugs in which changing execution order caused test failures
  • Fixed bug in OEMCrypto_DeleteUsageTable in which the empty table was not written to disk
  • Fixed bug in CE CDM tests in which OEMCrypto usage table data was not cleared between test runs, causing issues with duplicate PSTs

3.0.3 (2015-11-09)

Features:

  • Added x86-32 build settings

Bugfixes:

  • Fix buffer overflow in mock OEMCrypto on 32-bit systems
  • Fixed OEMCrypto_RefreshKeys return value
  • Fixed OEMCrypto_GenerateRSASignature return value
  • Fixed assertions during server certificate provisioning, triggered by a race condition
  • Removed spurious error messages from CdmEngine::AddKey()
  • Fixed PSS verification in iOS privacy crypto implementation

3.0.2 (2015-09-18)

Features:

  • Updated OEMCrypto docs
  • Privacy crypto implementation for iOS
  • Now builds with strict warnings and warnings as errors
  • Added an extra method to IEventListener to allow integration with older versions of Chromium using prefixed EME
    • NOTE: This is temporary and will be removed in a future release

Bugfixes:

  • Fixed support for C++11 and clang
  • Prevent renewal license when can_renew is false
  • Fixed variable-length key ID tests
  • Fixed enforcement of secure buffer types for decrypt
  • Fix type-casting issues with various versions of OpenSSL and BoringSSL
  • Return kNotSupported when generateRequest called with non-Widevine initdata

3.0.1 (2015-09-11)

Features:

  • Added new methods to access app parameters available on Android
  • Test suite is now IPv6-ready
  • Exposed IClient inheritance for Cdm interface
  • Added baked-in cert support to the mock OEMCrypto

Bugfixes:

  • Made improvements to tests for OEMCrypto and core
  • Return client ID information in secure stop
  • Fix multiple deletions of OEMCrypto usage table entries
  • Don't delete offline licenses when a new device cert is provisioned
  • Hardened BufferReader class
  • Removed excess logging in PSSH parser
  • Fixed iOS build issues with MD5 in DeviceFiles
  • Fixed iOS build issues with protobuf_config==target
  • Fixed bugs in OEMCrypto v9 and v10 adapters
  • Fixed inclusion of unit test gypis from external projects

Broken compatibility:

  • Added a cancel() method to ITimer, needed for some timer implementations

3.0.0 (2015-06-19)

v3.0 introduced a completely new interface which is not backward compatible with v2.x.

Features:

  • Simplified, synchronous interface which mimics EME APIs
  • Support for key statuses and session expiration times
  • Simplified build system with fewer build-time flags
  • Simplified initialization with runtime settings for client info, log levels, and secure output modes
  • Secure output modes are explicit, and individual decrypt requests can be done in the clear (for example, for platforms with L3 audio)
  • Device certificates are now required for all platforms and must be provisioned during initialization if not present
  • Simplified storage interface with more explicit methods
  • New integration guide which replaces several older documents