hlsdemux: Support OpenSSL for AES decryption of HLS fragments

https://bugzilla.gnome.org//show_bug.cgi?id=735248

configure.ac

@@ -3001,11 +3001,17 @@ AG_GST_CHECK_FEATURE(HLS, [http live streaming plugin], hls, [
     [
       AC_DEFINE(HAVE_LIBGCRYPT, 1, [Define if libgcrypt is available])
       HAVE_HLS="yes"
+    ], [
+      PKG_CHECK_MODULES(OPENSSL, openssl,
+      [
+        AC_DEFINE(HAVE_OPENSSL, 1, [Define if openssl is available])
+        HAVE_HLS="yes"
       ], [
         HAVE_HLS="no"
       ])
     ])
   ])
+])
 
 else
 

ext/hls/Makefile.am

@@ -12,7 +12,7 @@ libgstfragmented_la_CFLAGS = $(GST_PLUGINS_BAD_CFLAGS) $(GST_PLUGINS_BASE_CFLAGS
 libgstfragmented_la_LIBADD = \
 	$(top_builddir)/gst-libs/gst/uridownloader/libgsturidownloader-@GST_API_VERSION@.la \
 	$(GST_PLUGINS_BASE_LIBS) -lgstpbutils-$(GST_API_VERSION) -lgstvideo-$(GST_API_VERSION) \
-	$(GST_BASE_LIBS) $(GST_LIBS) $(GIO_LIBS) $(LIBM) $(LIBGCRYPT_LIBS) $(NETTLE_LIBS)
+	$(GST_BASE_LIBS) $(GST_LIBS) $(GIO_LIBS) $(LIBM) $(LIBGCRYPT_LIBS) $(NETTLE_LIBS) $(OPENSSL_LIBS)
 libgstfragmented_la_LDFLAGS = $(GST_PLUGIN_LDFLAGS) -no-undefined
 libgstfragmented_la_LIBTOOLFLAGS = $(GST_PLUGIN_LIBTOOLFLAGS)
 

ext/hls/gsthlsdemux.c

@@ -1779,7 +1779,44 @@ gst_hls_demux_switch_playlist (GstHLSDemux * demux)
   return gst_hls_demux_change_playlist (demux, bitrate * demux->bitrate_limit);
 }
 
-#ifdef HAVE_NETTLE
+#if defined(HAVE_OPENSSL)
+static gboolean
+gst_hls_demux_decrypt_start (GstHLSDemux * demux, const guint8 * key_data,
+    const guint8 * iv_data)
+{
+  EVP_CIPHER_CTX_init (&demux->aes_ctx);
+  if (!EVP_DecryptInit_ex (&demux->aes_ctx, EVP_aes_128_cbc (), NULL, key_data,
+          iv_data))
+    return FALSE;
+  EVP_CIPHER_CTX_set_padding (&demux->aes_ctx, 0);
+  return TRUE;
+}
+
+static gboolean
+decrypt_fragment (GstHLSDemux * demux, gsize length,
+    const guint8 * encrypted_data, guint8 * decrypted_data)
+{
+  int len, flen = 0;
+
+  if (G_UNLIKELY (length > G_MAXINT || length % 16 != 0))
+    return FALSE;
+
+  len = (int) length;
+  if (!EVP_DecryptUpdate (&demux->aes_ctx, decrypted_data, &len, encrypted_data,
+          len))
+    return FALSE;
+  EVP_DecryptFinal_ex (&demux->aes_ctx, decrypted_data + len, &flen);
+  g_return_val_if_fail (len + flen == length, FALSE);
+  return TRUE;
+}
+
+static void
+gst_hls_demux_decrypt_end (GstHLSDemux * demux)
+{
+  EVP_CIPHER_CTX_cleanup (&demux->aes_ctx);
+}
+
+#elif defined(HAVE_NETTLE)
 static gboolean
 gst_hls_demux_decrypt_start (GstHLSDemux * demux, const guint8 * key_data,
     const guint8 * iv_data)

ext/hls/gsthlsdemux.h

@@ -29,7 +29,9 @@
 #include "m3u8.h"
 #include "gstfragmented.h"
 #include <gst/uridownloader/gsturidownloader.h>
-#ifdef HAVE_NETTLE
+#if defined(HAVE_OPENSSL)
+#include <openssl/evp.h>
+#elif defined(HAVE_NETTLE)
 #include <nettle/aes.h>
 #include <nettle/cbc.h>
 #else
@@ -129,7 +131,9 @@ struct _GstHLSDemux
   GError *last_error;
 
   /* decryption tooling */
-#ifdef HAVE_NETTLE
+#if defined(HAVE_OPENSSL)
+  EVP_CIPHER_CTX aes_ctx;
+#elif defined(HAVE_NETTLE)
   struct CBC_CTX (struct aes_ctx, AES_BLOCK_SIZE) aes_ctx;
 #else
   gcry_cipher_hd_t aes_ctx;