7485ac27d5
This is a patch release that fixes a bug in the OPK where calling OEMCrypto_MoveEntry() immediately after calling OEMCrypto_CreateNewUsageEntry() returns an error when it should return success.
4.1 KiB
Widevine OEMCrypto, ODK, and OPK Changelog
[TOC]
Version 16.4.1
Patch release which includes a fix for a bug in the OPK session state machine logic. Previously the state machine code would only allow OEMCrypto_MoveEntry() to be called when a usage entry had been loaded. This misses a few use cases from the CDM where OEMCrypto_MoveEntry() could be called immediately after opening a session or waiting for a license.
This bug could result in situations where users are unable to download offline licenses. If the usage table is completely filled (~300 entries by default in OPK), then this bug may occur when the CDM tries to move old entries to make room for new licenses. Similarly, if the usage table has gaps where previous entries were deleted, then this bug may occur when the CDM tries to defragment the usage table by moving newer usage entries into those gaps.
Version 16.4 plus opk beta 2
Second beta release of the OEMCrypto Porting Kit (OPK), supporting OEMCrypto v16.
The following changes are included with this update:
- Add makefiles to build OEMCrypto TA and host apps for OP-TEE. See
oemcrypto/opk/ports/optee/README.mdfor information on how to build with make - Update missing and outdated files such as
odk_message.handOEMCryptoCENCCommon.h - Rename WTPI interface files with common WTPI prefix
- Add more WTPI unit tests for crypto functions
- Replace DER parsing code in OEMCrypto TA OPTEE port with mbedtls implementation
- Update oemcrypto unittests
Using the default make settings and an external OP-TEE repository setup, the OEMCrypto TA port is now buildable for QEMU. Slight changes to environment variables will enable STM32MP1 and NXP iMX8 targets. Keep in mind that the performance capabilities of QEMU and the STM32MP1 platforms do not meet the timing requirements for many oemcrypto unittests; so far we have only passed all tests on the NXP hardware.
This update does not include any Trusty port code.
Version 16.4 plus opk beta
Initial beta release of the OEMCrypto Porting Kit (OPK), supporting OEMCrypto v16.
Version 16.4 doc updates
Documentation updates. All headers have been updated so that documentation may be extracted using Doxygen. Documentation can now be found at https://developers.google.com/widevine/drm/client/oemcrypto
Version 16.4 plus extra tests
We have added several new tests to the OEMCrypto test suite in order to identify and fix certain types of security issues that are being discovered and disclosed by security researchers. Widevine strongly recommends these additional security tests, in order to minimize the risk and exposure from external security research.
Most of the new tests are checking for buffer overflow and off-by-one errors. They verify that OEMCrypto correctly handles the case where input buffers are larger than output buffers; total subsamples are larger than samples; and message buffers are much larger than required. OEMCrypto is expected to accept bad input and fail gracefully. Failing these tests is an indication that there might be a security risk.
Because buffer overflow bugs might crash the device or cause a seg fault, these tests might fail and then stop running. For this reason, you cannot assume that your device is passing all of the tests if you don't see FAIL in the output. Instead, you should look for a summary at the end of the test suite output saying that all the tests passed. See the README.md in oemcrypto/test for more details.
Version 16.4
Public release for OEMCrypto API and ODK library version 16.4.