widevine-partner/oemcrypto
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
684711a20f73fc287b3b3b6c7a8189179a0ad557
oemcrypto/CHANGELOG.md
Fred Gylys-Colwell 684711a20f Second OPK Partner Beta v16 Release 
See https://developers.google.com/widevine/drm/client/opk
for documentation and an integration guide.

See CHANGELOG.md for details about recent changes.
2022-02-25 12:02:41 -08:00

74 lines
3.2 KiB
Markdown
Raw Blame History

# Widevine OEMCrypto, ODK, and OPK Changelog
[TOC]
## [Version 16.4 plus opk beta 2][v16.4+opk-beta2]
Second beta release of the OEMCrypto Porting Kit (OPK), supporting OEMCrypto v16.
The following changes are included with this update:
- Add makefiles to build OEMCrypto TA and host apps for OP-TEE. See
`oemcrypto/opk/ports/optee/README.md` for information on how to build with make
- Update missing and outdated files such as `odk_message.h` and
`OEMCryptoCENCCommon.h`
- Rename WTPI interface files with common WTPI prefix
- Add more WTPI unit tests for crypto functions
- Replace DER parsing code in OEMCrypto TA OPTEE port with mbedtls
implementation
- Update oemcrypto unittests
Using the default make settings and an external OP-TEE repository setup, the
OEMCrypto TA port is now buildable for QEMU. Slight changes to environment
variables will enable STM32MP1 and NXP iMX8 targets. Keep in mind that the
performance capabilities of QEMU and the STM32MP1 platforms do not meet the
timing requirements for many oemcrypto unittests; so far we have only passed all
tests on the NXP hardware.
This update does not include any Trusty port code.
## [Version 16.4 plus opk beta][v16.4+opk-beta]
Initial beta release of the OEMCrypto Porting Kit (OPK), supporting OEMCrypto v16.
## [Version 16.4 doc updates][v16.4+doc-updates]
Documentation updates. All headers have been updated so that documentation may
be extracted using Doxygen. Documentation can now be found at
https://developers.google.com/widevine/drm/client/oemcrypto
## [Version 16.4 plus extra tests][v16.4+extra-test]
We have added several new tests to the OEMCrypto test suite in order to identify
and fix certain types of security issues that are being discovered and disclosed
by security researchers. Widevine strongly recommends these additional security
tests, in order to minimize the risk and exposure from external security
research.
Most of the new tests are checking for buffer overflow and off-by-one
errors. They verify that OEMCrypto correctly handles the case where input
buffers are larger than output buffers; total subsamples are larger than
samples; and message buffers are much larger than required. OEMCrypto is
expected to accept bad input and fail gracefully. Failing these tests is an
indication that there might be a security risk.
Because buffer overflow bugs might crash the device or cause a seg fault, these
tests might fail and then stop running. For this reason, you cannot assume that
your device is passing all of the tests if you don't see FAIL in the
output. Instead, you should look for a summary at the end of the test suite
output saying that all the tests passed. See the README.md in oemcrypto/test
for more details.
## [Version 16.4][v16.4]
Public release for OEMCrypto API and ODK library version 16.4.
[v16.4]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v16.4
[v16.4+extra-test]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v16.4+extra-tests
[v16.4+doc-updates]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v16.4+doc-updates
[v16.4+opk-beta]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v16.4+opk-beta
[v16.4+opk-beta2]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v16.4+opk-beta2
Reference in New Issue View Git Blame Copy Permalink