hlsdemux: Support OpenSSL for AES decryption of HLS fragments

https://bugzilla.gnome.org//show_bug.cgi?id=735248

4 files changed, 52 insertions, 5 deletions

diff --git a/configure.ac b/configure.ac
index 509e2ae7a..796fe1800 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3002,7 +3002,13 @@ AG_GST_CHECK_FEATURE(HLS, [http live streaming plugin], hls, [
       AC_DEFINE(HAVE_LIBGCRYPT, 1, [Define if libgcrypt is available])
       HAVE_HLS="yes"
     ], [
-      HAVE_HLS="no"
+      PKG_CHECK_MODULES(OPENSSL, openssl,
+      [
+        AC_DEFINE(HAVE_OPENSSL, 1, [Define if openssl is available])
+        HAVE_HLS="yes"
+      ], [
+        HAVE_HLS="no"
+      ])
     ])
   ])
 ])
diff --git a/ext/hls/Makefile.am b/ext/hls/Makefile.am
index cedf183dd..c32740309 100644
--- a/ext/hls/Makefile.am
+++ b/ext/hls/Makefile.am
@@ -12,7 +12,7 @@ libgstfragmented_la_CFLAGS = $(GST_PLUGINS_BAD_CFLAGS) $(GST_PLUGINS_BASE_CFLAGS
 libgstfragmented_la_LIBADD = \
 	$(top_builddir)/gst-libs/gst/uridownloader/libgsturidownloader-@GST_API_VERSION@.la \
 	$(GST_PLUGINS_BASE_LIBS) -lgstpbutils-$(GST_API_VERSION) -lgstvideo-$(GST_API_VERSION) \
-	$(GST_BASE_LIBS) $(GST_LIBS) $(GIO_LIBS) $(LIBM) $(LIBGCRYPT_LIBS) $(NETTLE_LIBS)
+	$(GST_BASE_LIBS) $(GST_LIBS) $(GIO_LIBS) $(LIBM) $(LIBGCRYPT_LIBS) $(NETTLE_LIBS) $(OPENSSL_LIBS)
 libgstfragmented_la_LDFLAGS = $(GST_PLUGIN_LDFLAGS) -no-undefined
 libgstfragmented_la_LIBTOOLFLAGS = $(GST_PLUGIN_LIBTOOLFLAGS)
 
diff --git a/ext/hls/gsthlsdemux.c b/ext/hls/gsthlsdemux.c
index c343fc5d0..bf4a273e0 100644
--- a/ext/hls/gsthlsdemux.c
+++ b/ext/hls/gsthlsdemux.c
@@ -1779,7 +1779,44 @@ gst_hls_demux_switch_playlist (GstHLSDemux * demux)
   return gst_hls_demux_change_playlist (demux, bitrate * demux->bitrate_limit);
 }
 
-#ifdef HAVE_NETTLE
+#if defined(HAVE_OPENSSL)
+static gboolean
+gst_hls_demux_decrypt_start (GstHLSDemux * demux, const guint8 * key_data,
+    const guint8 * iv_data)
+{
+  EVP_CIPHER_CTX_init (&demux->aes_ctx);
+  if (!EVP_DecryptInit_ex (&demux->aes_ctx, EVP_aes_128_cbc (), NULL, key_data,
+          iv_data))
+    return FALSE;
+  EVP_CIPHER_CTX_set_padding (&demux->aes_ctx, 0);
+  return TRUE;
+}
+
+static gboolean
+decrypt_fragment (GstHLSDemux * demux, gsize length,
+    const guint8 * encrypted_data, guint8 * decrypted_data)
+{
+  int len, flen = 0;
+
+  if (G_UNLIKELY (length > G_MAXINT || length % 16 != 0))
+    return FALSE;
+
+  len = (int) length;
+  if (!EVP_DecryptUpdate (&demux->aes_ctx, decrypted_data, &len, encrypted_data,
+          len))
+    return FALSE;
+  EVP_DecryptFinal_ex (&demux->aes_ctx, decrypted_data + len, &flen);
+  g_return_val_if_fail (len + flen == length, FALSE);
+  return TRUE;
+}
+
+static void
+gst_hls_demux_decrypt_end (GstHLSDemux * demux)
+{
+  EVP_CIPHER_CTX_cleanup (&demux->aes_ctx);
+}
+
+#elif defined(HAVE_NETTLE)
 static gboolean
 gst_hls_demux_decrypt_start (GstHLSDemux * demux, const guint8 * key_data,
     const guint8 * iv_data)
diff --git a/ext/hls/gsthlsdemux.h b/ext/hls/gsthlsdemux.h
index 76f6f84d1..d6f2207cb 100644
--- a/ext/hls/gsthlsdemux.h
+++ b/ext/hls/gsthlsdemux.h
@@ -29,7 +29,9 @@
 #include "m3u8.h"
 #include "gstfragmented.h"
 #include <gst/uridownloader/gsturidownloader.h>
-#ifdef HAVE_NETTLE
+#if defined(HAVE_OPENSSL)
+#include <openssl/evp.h>
+#elif defined(HAVE_NETTLE)
 #include <nettle/aes.h>
 #include <nettle/cbc.h>
 #else
@@ -129,7 +131,9 @@ struct _GstHLSDemux
   GError *last_error;
 
   /* decryption tooling */
-#ifdef HAVE_NETTLE
+#if defined(HAVE_OPENSSL)
+  EVP_CIPHER_CTX aes_ctx;
+#elif defined(HAVE_NETTLE)
   struct CBC_CTX (struct aes_ctx, AES_BLOCK_SIZE) aes_ctx;
 #else
   gcry_cipher_hd_t aes_ctx;