GNOME Bugzilla – Bug 701673
hlsdemux: Does not implement pkcs7 unpadding for encrypted streams
Last modified: 2013-07-23 11:32:28 UTC
There seems to be missing the pkcs7 unpadding implementation. Looking at source code, the unencrypted buffer is same size as encrypted buffer, and a buffer of same size is returned. http://tools.ietf.org/html/rfc3602#section-2.4 The encrypted fragment will always have padding, so it has to be removed or corrupted data my be streamed. To remove the padding the last byte for the unecrypted message has to be readed, casted to gsize, and then decreace the unencrypted buffer's size by that value. Here is a sample with hls AES 128 + CBC encryption http://gl.dlatv.net/demohls/TestCON-AES/playlist.m3u8 Thanks.
There are patches mentioned in bug #698155 which might contain a fix for this (but needs to be ported to 1.0).
Created attachment 246666 [details] [review] diff for adding decryption to hls. Requested by slomo
This patch here needs to be ported to git master too, it not only adds the unpadding but the complete AES128 support
commit b9124cad884205c7db716a634737964297c9d85b Author: Sebastian Dröge <slomo@circular-chaos.org> Date: Tue Jul 23 13:29:18 2013 +0200 hlsdemux: Implement pkcs7 unpadding Every encrypted fragment will be a multiple of 128 bits, the last byte contains the number of bytes that were added as padding in the end and should be removed. https://bugzilla.gnome.org/show_bug.cgi?id=701673