Second OPK Partner Beta v16 Release

See https://developers.google.com/widevine/drm/client/opk
for documentation and an integration guide.

See CHANGELOG.md for details about recent changes.

CHANGELOG.md

@@ -0,0 +1,73 @@
+# Widevine OEMCrypto, ODK, and OPK Changelog
+
+[TOC]
+
+## [Version 16.4 plus opk beta 2][v16.4+opk-beta2]
+
+Second beta release of the OEMCrypto Porting Kit (OPK), supporting OEMCrypto v16.
+
+The following changes are included with this update:
+- Add makefiles to build OEMCrypto TA and host apps for OP-TEE. See
+  `oemcrypto/opk/ports/optee/README.md` for information on how to build with make
+- Update missing and outdated files such as `odk_message.h` and
+  `OEMCryptoCENCCommon.h`
+- Rename WTPI interface files with common WTPI prefix
+- Add more WTPI unit tests for crypto functions
+- Replace DER parsing code in OEMCrypto TA OPTEE port with mbedtls
+  implementation
+- Update oemcrypto unittests
+
+Using the default make settings and an external OP-TEE repository setup, the
+OEMCrypto TA port is now buildable for QEMU. Slight changes to environment
+variables will enable STM32MP1 and NXP iMX8 targets. Keep in mind that the
+performance capabilities of QEMU and the STM32MP1 platforms do not meet the
+timing requirements for many oemcrypto unittests; so far we have only passed all
+tests on the NXP hardware.
+
+This update does not include any Trusty port code.
+
+## [Version 16.4 plus opk beta][v16.4+opk-beta]
+
+Initial beta release of the OEMCrypto Porting Kit (OPK), supporting OEMCrypto v16.
+
+## [Version 16.4 doc updates][v16.4+doc-updates]
+
+Documentation updates. All headers have been updated so that documentation may
+be extracted using Doxygen. Documentation can now be found at
+https://developers.google.com/widevine/drm/client/oemcrypto
+
+
+## [Version 16.4 plus extra tests][v16.4+extra-test]
+
+We have added several new tests to the OEMCrypto test suite in order to identify
+and fix certain types of security issues that are being discovered and disclosed
+by security researchers.  Widevine strongly recommends these additional security
+tests, in order to minimize the risk and exposure from external security
+research.
+
+Most of the new tests are checking for buffer overflow and off-by-one
+errors. They verify that OEMCrypto correctly handles the case where input
+buffers are larger than output buffers; total subsamples are larger than
+samples; and message buffers are much larger than required. OEMCrypto is
+expected to accept bad input and fail gracefully. Failing these tests is an
+indication that there might be a security risk.
+
+Because buffer overflow bugs might crash the device or cause a seg fault, these
+tests might fail and then stop running. For this reason, you cannot assume that
+your device is passing all of the tests if you don't see FAIL in the
+output. Instead, you should look for a summary at the end of the test suite
+output saying that all the tests passed.  See the README.md in oemcrypto/test
+for more details.
+
+
+## [Version 16.4][v16.4]
+
+Public release for OEMCrypto API and ODK library version 16.4.
+
+
+
+[v16.4]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v16.4
+[v16.4+extra-test]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v16.4+extra-tests
+[v16.4+doc-updates]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v16.4+doc-updates
+[v16.4+opk-beta]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v16.4+opk-beta
+[v16.4+opk-beta2]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v16.4+opk-beta2