widevine-partner/ce_cdm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
afa11a48a0dcdad47ffa52f5a7bead8e5f5d4475
ce_cdm/CHANGELOG.md
John W. Bruce afa11a48a0 Source release 14.1.0
2018-06-29 15:59:47 -07:00

463 lines
22 KiB
Markdown
Raw Blame History

# Widevine CE CDM Changelog
[TOC]
## 14.1.0 (2018-06-29)
Features:
- The OEMCrypto headers and documentation have been updated to v14.1
- Note that although this is CE CDM 14.1.0 and it contains OEMCrypto v14.1,
the synchronization of the minor version numbers is a coincidence. We do
not guarantee that future OEMCrypto and CE CDM minor version updates will
always coincide like this. We do expect that major version updates will
coincide.
- The client identification data passed up in a provisioning request has been
expanded to match the client identification data passed up in a license
request.
- In order to protect users' privacy, this expanded client identification
data is encrypted with the provisioning server's service certificate.
- For apps using entitlement licenses, loading new entitled keys will no
longer unload the previous entitled keys. After loading new entitled keys,
both the old and new entitled keys will be available for decryption. Once
loaded, entitled keys will remain valid until the session they were loaded
into is closed.
- This does not affect the behavior of OEMCrypto. Inside OEMCrypto, there
remains at most one entitled key loaded for each entitlement key. The CE
CDM handles switching out entitled keys so that the correct entitled key
is loaded at any given time.
- It is now possible to manually provision the CE CDM, rather than relying on
the automatic generation of a provisioning request when attempting to
generate a license request on an unprovisioned system. Partners that know
they need to provision can use `Cdm::getProvisioningRequest()` and
`Cdm::handleProvisioningResponse()` to perform provisioning before trying to
open any sessions.
- A new method, `Cdm::forceRemove()` has been added to allow the removal of
offline data associated with a license without a server roundtrip. This is
generally *not* what is desired, and this method should be used only by
partners who are certain they want to discard offline licenses and/or usage
info without the server being aware of it. Most partners will want to
continue using `Cdm::remove()` to perform a release roundtrip with the
licensing server, so that the server can track the release and record the
final usage information.
- An OEMCrypto clock rollback-prevention test has been added,
`UsageTableTest.TimeRollbackPrevention`. This test can only run if the
unit tests are being run as root, however, and is disabled automatically
when the unit tests are run as a non-root user.
- Usage information is now persisted to disk whenever a session is closed, in
addition to its existing behavior of saving periodically. This gives better
persistence at the expense of slightly more storage writes.
- Additional unit tests for existing behavior have been added.
- This changelog now has a table of contents.
- [Widevine_OEMCrypto_Version_Compatibility.pdf][oec-version-compat] has been
added, outlining the compatibility between the various Widevine CDM
releases and the various OEMCrypto versions.
- [Widevine_DRM_Device_Provisioning_Models.pdf][provisioning-models] has been
added, outlining the differences between Provisioning 2.0 and 3.0.
- The script `create_static_bundle.py` has been added to assist partners who
want to concatenate all the static libraries that make up the Widevine CE
CDM into one static library.
[oec-version-compat]: ./oemcrypto/docs/Widevine_OEMCrypto_Version_Compatibility.pdf
[provisioning-models]: ./oemcrypto/docs/Widevine_DRM_Device_Provisioning_Models.pdf
Dependency Updates:
- The bundled version of Protocol Buffers has been updated to
[v3.5.1][protobuf-3.5.1]. The Widevine CE CDM should continue to work with
any version of Protocol Buffers at or greater than v2.6, but we now
recommend v3.5.1.
- As part of this update, the compilation flags for Protocol Buffers were
changed. Depending on the flags partners use by default, they may need to
make changes to their flags to accomodate the new version of Protocol
Buffers.
- The bundled version of BoringSSL has been updated to commit
[`0080d83b9faf8dd325f5f5f92eb56faa93864e4c`][boringssl-0080d83b].
[protobuf-3.5.1]: https://github.com/google/protobuf/releases/tag/v3.5.1
[boringssl-0080d83b]: https://boringssl.googlesource.com/boringssl/+/0080d83b9faf8dd325f5f5f92eb56faa93864e4c
Bugfixes:
- Cleaned up redundant compiler flags in the sample x86-64 platform files.
- `UsageTableTest.TwoHundredEntries` was actually testing 201 entries. It has
been fixed.
- The CE CDM will now build without modification on Clang 4 and 5. Previously,
the Protobuf build triggered some warnings that were treated as errors.
- The CDM will now prevent attempts to unprovision devices that use a baked-in
device certificate in their OEMCrypto implementation, as it is not possible
to reprovision these devices.
- The documentation for `Cdm::initialize()` has been updated to make the
caller's responsibilities more explicit. The caller must ensure that the
objects passed to the library at initialization outlive the library itself.
This has always been the case, but the documentation for it has been made
clearer.
- The documentation for `Cdm::create()` was not updated to reflect the changes
in CE CDM 14.0.0 that disallowed passing `NULL` to it. The documentation has
been updated.
- The CDM now recovers more gracefully when files persisted to disk have been
corrupted.
- A race condition between `Cdm::decrypt()`, `Cdm::close()`, and periodic
timers has been fixed.
- The copyright headers on the source code files have been updated.
- Fixed a situation where the CDM might incorrectly report the expiration time
of licenses that never expire. `Cdm::getExpiration()` should now correctly
report an expiration of `-1` for these licenses. Note that the actual
expiration time was always being tracked correctly internally; it was only
being reported incorrectly to the application.
- The CE CDM already made defensive copies of the buffer parameters when
decrypting data in chunks, but it did not make defensive copies when
calling `OEMCrypto_CopyBuffer()` in chunks. This has been fixed. This
resolves issues that occurred when OEMCrypto modified the buffer parameters
in-place during calls to `OEMCrypto_CopyBuffer()`.
- Several disabled unit tests that did not need to be disabled anymore have
been re-enabled.
- Fixed a place where newer versions of Clang could not infer the correct
overload of `std::string::insert()` to call.
- The `HttpSocket` class used by the unit tests is now more resilient against
errors that occur during HTTPS communication and will retry after a delay
when it detects a retryable error.
## 14.0.0 (2018-05-16)
Features:
- Support for OEMCrypto 14, including new unit tests that exercise its
functionality. For a full list of new features in OEMCrypto 14, please see
the Widevine Modular DRM Version 14 Delta document.
- Widevine CE CDM 14.0.0 is not compatible with any previous version of
OEMCrypto. It is only compatible with OEMCrypto v14.
- Added a new overload of the `load()` function for loading keys embedded
inside a PSSH header. This allows for key rotation without multiple server
roundtrips, using entitlement licenses. See the Integration Guide for more
information.
- The version number of the Widevine CE CDM has been bumped to bring the
version numbers of OEMCrypto, the Widevine CE CDM, and the Widevine Android
CDM closer to each other. The major version number of the CE CDM will now
always be the highest version of OEMCrypto supported by that version of the
CE CDM. This is always the version of OEMCrypto that we recommend using with
the CE CDM.
- For this release, the version number is 14.0.0 to reflect that this is the
first release to support OEMCrypto 14.
- Vendors no longer need to supply a copy of either OpenSSL or BoringSSL in
order to compile the CDM. The Widevine CE CDM will now always use the copy
of BoringSSL in the `third_party/` directory, which is provided with the
CDM source code.
- When compiled as a dynamic library, the Widevine CE CDM links statically
with this copy of BoringSSL using hidden visibility. This requires no
changes on the part of partners, so long as they are using the Widevine
CE CDM as a dynamic library. The Widevine CE CDM does not export any
BoringSSL functions and no longer interacts with the platform's copy of
OpenSSL or BoringSSL.
- When using the Widevine CE CDM as a static library, partners are
responsible for providing a compatible copy of BoringSSL. The file
`third_party/boringssl/kit/BORINGSSL_REVISION` contains the hash of the
version of BoringSSL included with the CE CDM, which can be used to guide
decisions about compatible versions of BoringSSL.
- The Widevine CE CDM no longer supports OpenSSL. Those wishing to use the
CE CDM as a static libary with OpenSSL will have to make small
modifications to the code where it uses BoringSSL-only APIs in order to
compile with OpenSSL.
- New build configuration setting: `asm_target_arch`
- When building assembly language files, this setting is used to determine
which CPU architecture's instructions to include.
- If this flag is not set by the configuration, it defaults to `none`, which
turns off use of assembly language completely. We strongly recommend
overriding this default so that you receive the speed benefits of
assembly language.
- Valid values are:
- `x86`
- `x86-64`
- `arm`
- `arm64`
- `ppc64`
- `none`
- Protobuf is now compiled by default to not use RTTI support. This reduces
the size of the final binary and allows for easier support of platforms
without RTTI.
- Several additional flags have been added to the example settings.gypi in
the `x86-64` build to reduce the size of the final binary. Partners may want
to consider setting similar flags on their own builds.
- `no-rtti` (Widevine CE CDM does not and has never used RTTI.)
- `no-exceptions` (Widevine CE CDM does not and has never used exceptions.)
- `lto`
- It is no longer permissible to pass a null `IStorage` pointer to
`Cdm::create()`. Previously, passing `NULL` would select the global/default
`IStorage` as the storage for the new CDM instance. However, starting in CE
CDM 3.5.0, the default `IStorage` began to be the storage for global data
such as the usage table header. To clarify its purpose, we are removing its
ability to do double duty as global storage and as a default for new CDM
instances.
- It is still permitted to use the same `IStorage` instance for the global
storage and as the storage for a specific CDM instance. If this is what
you intend, just pass the same pointer to both `Cdm::initialize()` and
`Cdm::create()`.
- Due to nonce flood protections in OEMCrypto, provisioning and licensing
request generation can fail due to too many requests being generated
quickly. Such failures can be retried successfully after a delay. This has
always been the case. To help in discerning when a failure is due to a nonce
flood and can be retried, these failures will now be reported as
`kQuotaExceeded` errors.
- There is a new parameter on `onKeyStatusesChange()`, `has_new_usable_key`.
This will be set to true when the status change has resulted in any new keys
becoming available. This can be used to more efficiently implement certain
EME behavior.
- A new function, `getStatusForHdcpVersion()` has been added to the CDM
interface. This function can be used to implement `getStatusForPolicy()`
from the [EME Extension: HDCP Policy Check][eme-hdcp] proposal.
- The default service certificate used for Provisioning 3.0 has been updated
to reflect changes to the Widevine Provisioning Server.
[eme-hdcp]: https://github.com/WICG/media-capabilities/blob/master/eme-extension-policy-check.md
## 3.5.0 (2017-11-22)
Features:
- Support OEMCrypto v13.2.
- Remove c++11-specific language features and library usages. Current
standard compliance is at gnu++98.
- Supply boringssl in third_party. This is the preferred SSL implementation,
although the gyp build scripts still allow an external boringssl or OpenSSL
library to be used.
- A number of gyp build rule changes have been made to improve how
dependencies are managed and how compile and link command switches are
applied. Compiler flags are used to restrictively detect and report
potential issues.
- Support for large Usage Tables (OEMCrypto v13 feature).
- Support for SRM enforcement and update (OEMCrypto v13 feature).
- Support for embedded licenses.
- Added support for OpenSSL 1.1 (OpenSSL API changes). Earlier versions of
OpenSSL are still supported. The actual OpenSSL version being used is
checked at compile time.
- Begin migration to exclusively supporting BoringSSL.
- Add adapter and stubs for running CDM against OEMCrypto v12. Remove
the adapter for OEMCrypto v8. Currently adapters exist for OEMCrypto
versions 9 through 12.
- Add Fuzzing tests for OEMCrypto interface (work in progress).
BugFixes:
- Numerous Usage Table fixes and improvements.
- Memory leak fixes.
- Handle non-aligned nonce pointer in RewrapDeviceRSAKey calls.
- Fix scoping errors in gyp build rules.
- Fixes to offline license handling.
## 3.4.1 (2017-08-31)
Features:
- Preliminary support for sublicenses and key rotation using sublicenses.
BugFixes:
- Fixed build failure in protobuf host tools build (relaxed compiler
warning checks).
- Enabled a number of more restrictive compiler checks, and fixed
non-compliant code.
- Mock OEMCrypto: handle case of non-aligned nonce pointer in
OEMCrypto_RewrapDeviceRSAKey() and OEMCrypto_RewrapDevideRSAKey30()
## 3.3.0 (2017-05-03)
Features:
- Support OEMCrypto V12. Versions 8 through 11 are supported through
adapters.
- Bugfixes to Provisioning 3.0.
- Add tool for generating Provisioning 3.0 OEM Certificates.
- Add property (provisioning_messages_are_binary)to control whether
CDM generates/accepts provisioning messages in binary or base64+JSON
format (default is base64+JSON).
- Upgrade Protobuf kit (from 2.5.0 to 2.6.1).
- Add Cdm::getServiceCertificateRequest() and
Cdm::parseServiceCertificateResponse().
- Add API calls for managing usage records:
- Cdm::listUsageRecords
- Cdm::deleteUsageRecord
- Cdm::deleteAllUsageRecords
- Remove automatic Service certificate fetch from CDM.
- The CDM client is responsible for ensuring the CDM has a valid
Service Certificate.
- Add status return to report that playback is blocked by HDCP or
video resolution constraints (kKeyUsageBlockedByPolicy).
- Provisioning Request and Response are base64 (web-safe) protobuf messages:
- The request message in an
IEventListener::onDirectIndividualizationRequest() callback.
- The response message in the call to Cdm::update().
Conversions and/or filtering required by a particular Provisioning Server
must be performed in CDM client code.
Bugfixes:
- Various compiler warnings.
- Provisioning 3.0 bugfixes.
## 3.2.0 (2016-12-17)
Features:
- Changed location for fetching protobuf kit. Still using 2.5.0.
- Upgrade stringencoders to most recent release (28ae396)
- Upgrade gmock 1.7.0 to googletest 1.8.0
- Remove default service certificate.
- Add Cdm::listStoredLicenses().
- Break decryption buffers into 100KiB blocks if/when needed.
- Add Cdm::setVideoResolution().
- Add Cdm::isProvisioned() and Cdm::removeProvisioning().
- Add Cdm::removeUsageTable().
- Change default setting of Properties::use_certificates_as_identification
to TRUE.
- Changes to duration semantics in PolicyEngine.
- Support Provisioning v3.0.
- Add support for OEM Certificate - use it in provisioning request.
- Pass provider ID from service certificate to provisioning request.
- Retrieve device serial number from stored DRM Device Certificate.
- Upgrade to OEMCrypto V12.
Bugfixes:
- Add log messages for bad Keybox token.
- Make HTTP transactions in unit tests more robust.
- Ensure proper cleanup of offline release sessions.
- Avoid potential race condition on closing CDM sessions.
- Move g_cutoff earlier in Cdm::Initialize() - allows early debug messages
to be suppressed.
- Unit test bugfixes.
## 3.0.6 (2016-08-15)
Bugfixes:
- Upgraded TLS version used in HTTPS connections made by the unit tests, for
compatibility with recent changes to our servers
## 3.1.0 (2016-07-18)
Features:
- Updates to conform to EME June 10, 2016 Specification
(http://www.w3.org/TR/2016/WD-encrypted-media-20160610/)
- Add per-origin storage of all persistent data.
- Use EME Direct Individualization to provision devices.
- Add IEventListener::onDirectIndividualizationRequest() callback.
- A "license-release" message is no longer fired on calls to load().
- Add CDM entry points for generic crypto operations (Cdm::genericEncrypt(),
Cdm::genericDecrypt(), Cdm::genericSign(), Cdm::genericVerify()).
- Add support for CENC 3.0 and decryption of encrypted HLS content.
- Add support for querying allowed usage for a key
(Cdm::getKeyAllowedUsages()).
- Upgrade to OEMCrypto v11.
- Numerous unit test additions and improvements.
- Add jsmn to third\_party/.
Bugfixes:
- Remove IEventListener::onMessageUrl() callback.
- Don't check/validate crypto mode when Decrypt is called with unencrypted
data.
- Ensure keys are loaded before sending OnKeyStatusChange notifications.
This avoids errors due to prematurely checking key statuses.
- Correctly handle a bad RSA key.
## 3.0.5 (2015-12-16)
Features:
- Add openssl\_config variable for gyp-based projects which already include
OpenSSL or BoringSSL
Bugfixes:
- Sleep between tests to avoid triggering OEMCrypto nonce-flood errors on
very fast machines
## 3.0.4 (2015-12-14)
Features:
- Enforce storage restrictions based on the license type and policy
- Updated to EME spec 2015-11-20
- Updated kPersistent to kPersistentLicense
- Updated kInvalidAccess with kTypeError and kRangeError
- Updated kOutputNotAllowed to kOutputRestricted
- Added key status kReleased
- Added new session type (kPersistentUsageRecord) used for "secure stop"
- Enabled WebM-related tests for CdmEngine
Bugfixes:
- Fixed OEMCrypto test bugs regarding nonce-enabled and nonce-or-entry flags
- Fixed build system bug to allow adding the static CDM library as a
dependency of another gyp static library target
- Fixed message type for service cert requests
- Fixed reporting of expiration for sessions which do not expire
- Fixed test bugs in which changing execution order caused test failures
- Fixed bug in OEMCrypto\_DeleteUsageTable in which the empty table was not
written to disk
- Fixed bug in CE CDM tests in which OEMCrypto usage table data was not
cleared between test runs, causing issues with duplicate PSTs
## 3.0.3 (2015-11-09)
Features:
- Added x86-32 build settings
Bugfixes:
- Fix buffer overflow in mock OEMCrypto on 32-bit systems
- Fixed OEMCrypto\_RefreshKeys return value
- Fixed OEMCrypto\_GenerateRSASignature return value
- Fixed assertions during server certificate provisioning, triggered by a
race condition
- Removed spurious error messages from CdmEngine::AddKey()
- Fixed PSS verification in iOS privacy crypto implementation
## 3.0.2 (2015-09-18)
Features:
- Updated OEMCrypto docs
- Privacy crypto implementation for iOS
- Now builds with strict warnings and warnings as errors
- Added an extra method to IEventListener to allow integration with older
versions of Chromium using prefixed EME
- *NOTE: This is temporary and will be removed in a future release*
Bugfixes:
- Fixed support for C++11 and clang
- Prevent renewal license when can\_renew is false
- Fixed variable-length key ID tests
- Fixed enforcement of secure buffer types for decrypt
- Fix type-casting issues with various versions of OpenSSL and BoringSSL
- Return kNotSupported when generateRequest called with non-Widevine initdata
## 3.0.1 (2015-09-11)
Features:
- Added new methods to access app parameters available on Android
- Test suite is now IPv6-ready
- Exposed IClient inheritance for Cdm interface
- Added baked-in cert support to the mock OEMCrypto
Bugfixes:
- Made improvements to tests for OEMCrypto and core
- Return client ID information in secure stop
- Fix multiple deletions of OEMCrypto usage table entries
- Don't delete offline licenses when a new device cert is provisioned
- Hardened BufferReader class
- Removed excess logging in PSSH parser
- Fixed iOS build issues with MD5 in DeviceFiles
- Fixed iOS build issues with protobuf\_config==target
- Fixed bugs in OEMCrypto v9 and v10 adapters
- Fixed inclusion of unit test gypis from external projects
Broken compatibility:
- Added a cancel() method to ITimer, needed for some timer implementations
## 3.0.0 (2015-06-19)
v3.0 introduced a completely new interface which is not backward compatible
with v2.x.
Features:
- Simplified, synchronous interface which mimics EME APIs
- Support for key statuses and session expiration times
- Simplified build system with fewer build-time flags
- Simplified initialization with runtime settings for client info,
log levels, and secure output modes
- Secure output modes are explicit, and individual decrypt requests can
be done in the clear (for example, for platforms with L3 audio)
- Device certificates are now required for all platforms and must be
provisioned during initialization if not present
- Simplified storage interface with more explicit methods
- New integration guide which replaces several older documents
Reference in New Issue View Git Blame Copy Permalink