widevine-partner/oemcrypto
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
v16.4+opk-beta2
oemcrypto/CHANGELOG.md
Fred Gylys-Colwell 684711a20f Second OPK Partner Beta v16 Release 
See https://developers.google.com/widevine/drm/client/opk
for documentation and an integration guide.

See CHANGELOG.md for details about recent changes.
2022-02-25 12:02:41 -08:00

3.2 KiB
Raw Permalink Blame History

Widevine OEMCrypto, ODK, and OPK Changelog

[TOC]

Version 16.4 plus opk beta 2

Second beta release of the OEMCrypto Porting Kit (OPK), supporting OEMCrypto v16.

The following changes are included with this update:

  • Add makefiles to build OEMCrypto TA and host apps for OP-TEE. See oemcrypto/opk/ports/optee/README.md for information on how to build with make
  • Update missing and outdated files such as odk_message.h and OEMCryptoCENCCommon.h
  • Rename WTPI interface files with common WTPI prefix
  • Add more WTPI unit tests for crypto functions
  • Replace DER parsing code in OEMCrypto TA OPTEE port with mbedtls implementation
  • Update oemcrypto unittests

Using the default make settings and an external OP-TEE repository setup, the OEMCrypto TA port is now buildable for QEMU. Slight changes to environment variables will enable STM32MP1 and NXP iMX8 targets. Keep in mind that the performance capabilities of QEMU and the STM32MP1 platforms do not meet the timing requirements for many oemcrypto unittests; so far we have only passed all tests on the NXP hardware.

This update does not include any Trusty port code.

Version 16.4 plus opk beta

Initial beta release of the OEMCrypto Porting Kit (OPK), supporting OEMCrypto v16.

Version 16.4 doc updates

Documentation updates. All headers have been updated so that documentation may be extracted using Doxygen. Documentation can now be found at https://developers.google.com/widevine/drm/client/oemcrypto

Version 16.4 plus extra tests

We have added several new tests to the OEMCrypto test suite in order to identify and fix certain types of security issues that are being discovered and disclosed by security researchers. Widevine strongly recommends these additional security tests, in order to minimize the risk and exposure from external security research.

Most of the new tests are checking for buffer overflow and off-by-one errors. They verify that OEMCrypto correctly handles the case where input buffers are larger than output buffers; total subsamples are larger than samples; and message buffers are much larger than required. OEMCrypto is expected to accept bad input and fail gracefully. Failing these tests is an indication that there might be a security risk.

Because buffer overflow bugs might crash the device or cause a seg fault, these tests might fail and then stop running. For this reason, you cannot assume that your device is passing all of the tests if you don't see FAIL in the output. Instead, you should look for a summary at the end of the test suite output saying that all the tests passed. See the README.md in oemcrypto/test for more details.

Version 16.4

Public release for OEMCrypto API and ODK library version 16.4.