Your message dated Fri, 26 Jun 2026 16:20:39 +0000
with message-id <[email protected]>
and subject line Bug#1139635: fixed in vdeplug-agno 0.1.3-1
has caused the Debian Bug report #1139635,
regarding vdeplug-agno: Build with openssl
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1139635: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139635
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: vdeplug-agno
Version: 0.1.2-1
Severity: important
Tags: patch

Before vdeplug-agno entered Debian it used to require OpenSSL instead of
wolfSSL. For your convenience, I have added a patch that reverts the
commit introducing wolfSSL so that the package can stay in testing and
prevent being autoremoved. See #1023697. Obviously, the Build-Depends
and package description have to be adjusted to libssl-dev instead of
libwolfssl-dev.
From: Bastian Germann <[email protected]>
Subject: Revert "use wolfssl instead of openssl"

This reverts commit 0fb0df7be2a95904d5558544828516a33bff0813.
---
 CMakeLists.txt    |  6 ++--
 libvdeplug_agno.c | 90 ++++++++++++-----------------------------------
 2 files changed, 26 insertions(+), 70 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 318750d..fd45463 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -10,8 +10,8 @@ include(CheckIncludeFile)
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_FORTIFY_SOURCE=2 -O2 -pedantic -Wall 
-Wextra")
 
 set(CMAKE_REQUIRED_QUIET TRUE)
-set(LIBS_REQUIRED vdeplug_mod wolfssl)
-set(HEADERS_REQUIRED strcase.h libvdeplug.h strcase.h wolfssl/options.h 
wolfssl/wolfcrypt/aes.h wolfssl/wolfcrypt/random.h)
+set(LIBS_REQUIRED vdeplug_mod crypto)
+set(HEADERS_REQUIRED strcase.h libvdeplug.h openssl/aes.h openssl/rand.h)
 
 foreach(THISLIB IN LISTS LIBS_REQUIRED)
   find_library(LIB${THISLIB}_OK ${THISLIB})
@@ -31,7 +31,7 @@ add_definitions(-D_GNU_SOURCE)
 include_directories(${CMAKE_CURRENT_SOURCE_DIR})
 
 add_library(vdeplug_agno SHARED libvdeplug_agno.c)
-target_link_libraries(vdeplug_agno vdeplug_mod wolfssl)
+target_link_libraries(vdeplug_agno vdeplug_mod ssl crypto)
 
 install(TARGETS vdeplug_agno DESTINATION ${CMAKE_INSTALL_LIBDIR}/vdeplug)
 
diff --git a/libvdeplug_agno.c b/libvdeplug_agno.c
index 28c0e3e..752df22 100644
--- a/libvdeplug_agno.c
+++ b/libvdeplug_agno.c
@@ -1,6 +1,6 @@
 /*
  * VDE - libvdeplug_agno agnostic encrypted vde net (aes encoded)
- * Copyright (C) 2017-2020 Renzo Davoli VirtualSquare
+ * Copyright (C) 2017 Renzo Davoli VirtualSquare
  * contributions by Michele Nalli
  *
  * This library is free software; you can redistribute it and/or modify it
@@ -18,7 +18,6 @@
  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301, USA
  */
 
-//#define DEBUG_DISABLE_ENCRYPTION
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
@@ -34,19 +33,17 @@
 #include <net/if.h>
 #include <net/ethernet.h>
 #include <arpa/inet.h>
-#ifndef DEBUG_DISABLE_ENCRYPTION
-#include <wolfssl/options.h>
-#include <wolfssl/wolfcrypt/aes.h>
-#include <wolfssl/wolfcrypt/random.h>
-#endif
+#include <openssl/aes.h>
+#include <openssl/rand.h>
 #include <libvdeplug.h>
 #include <libvdeplug_mod.h>
 #include <strcase.h>
 
    // 128-bit key
-   // e.g. echo secret | md5sum
+   // openssl enc -aes-128-cbc -k secret -P -md sha1
 
 #define DEFAULT_KEYFILE ".vde_agno_key"
+//#define DEBUG_DISABLE_ENCRYPTION
 
 static VDECONN *vde_agno_open(char *vde_url, char *descr, int 
interface_version,
                struct vde_open_args *open_args);
@@ -81,9 +78,8 @@ struct vde_agno_conn {
        struct vdeplug_module *module;
        VDECONN *conn;
        uint16_t ether_type;
-       Aes ekey;                       /* Encryption key */
-       Aes dkey;                       /* Decryption key */
-       WC_RNG rng;
+       AES_KEY ekey;                   /* Encryption key */
+       AES_KEY dkey;                   /* Decryption key */
 };
 
 /* Declaration of the module sructure */
@@ -229,7 +225,7 @@ static VDECONN *vde_agno_open(char *vde_url, char *descr, 
int interface_version,
                                                         }
                                                         if (type == 0)
                                                                 
newconn->ether_type = htons(AGNO_TYPE);
-                                                        else if (type >= 0x600 
&& type < 0xffff)
+                                                        else if (type >= 0x600 
&& type < 0xffff) 
                                                                 /* The input 
tag is valid */
                                                                 
newconn->ether_type = htons(type);
                                                         else {
@@ -240,9 +236,8 @@ static VDECONN *vde_agno_open(char *vde_url, char *descr, 
int interface_version,
        }
        /* Set key as encryption and decryption key */
 #ifndef DEBUG_DISABLE_ENCRYPTION
-       wc_AesSetKey(&newconn->ekey, cryptkey, sizeof(cryptkey), NULL, 
AES_ENCRYPTION);
-       wc_AesSetKey(&newconn->dkey, cryptkey, sizeof(cryptkey), NULL, 
AES_DECRYPTION);
-       wc_InitRng(&newconn->rng);
+       AES_set_encrypt_key(cryptkey, sizeof(cryptkey) * 8, &newconn->ekey);
+       AES_set_decrypt_key(cryptkey, sizeof(cryptkey) * 8, &newconn->dkey);
 #endif
        return (VDECONN *) newconn;
 
@@ -251,40 +246,6 @@ error:
        return NULL;
 }
 
-/* wc_AesCbcEncrypt + padding */
-static inline int pad_AesCbcEncrypt(Aes* aes, byte* out,
-                                  const byte* in, word32 sz) {
-       int rv;
-       word32 szcomplete = sz & ~(AES_BLOCK_SIZE - 1);
-       rv = wc_AesCbcEncrypt(aes, out, in, szcomplete);
-       if (szcomplete != sz && rv == 0) {
-               word32 i;
-               byte buf[AES_BLOCK_SIZE];
-               for (i = 0; szcomplete + i < sz; i++)
-                       buf[i] = in[szcomplete + i];
-               for( ; i < AES_BLOCK_SIZE; i++)
-                       buf[i] = 0;
-               rv = wc_AesCbcEncrypt(aes, out + szcomplete, buf, 
AES_BLOCK_SIZE);
-       }
-       return rv;
-}
-
-/* pad_AesCbcDecrypt + padding */
-static inline int pad_AesCbcDecrypt(Aes* aes, byte* out,
-                                 const byte* in, word32 sz) {
-       int rv;
-       word32 szcomplete = sz & ~(AES_BLOCK_SIZE - 1);
-       rv = wc_AesCbcDecrypt(aes, out, in, szcomplete);
-       if (szcomplete != sz && rv == 0) {
-               word32 i;
-               byte buf[AES_BLOCK_SIZE];
-               rv = pad_AesCbcDecrypt(aes, buf, in + szcomplete, 
AES_BLOCK_SIZE);
-               for (i = 0; szcomplete + i < sz; i++)
-                       out[szcomplete + i] = buf[i];
-       }
-       return rv;
-}
-
 static ssize_t vde_agno_recv(VDECONN *conn, void *buf, size_t len, int flags) {
        struct vde_agno_conn *vde_conn = (struct vde_agno_conn *)conn;
        /*  */
@@ -306,7 +267,7 @@ static ssize_t vde_agno_recv(VDECONN *conn, void *buf, 
size_t len, int flags) {
 #ifdef DEBUG_DISABLE_ENCRYPTION
        memcpy(&ahdr, encbuf + sizeof(*ehdr), sizeof(ahdr));
 #else
-       wc_AesEcbDecrypt(&vde_conn->dkey, (unsigned char *)&ahdr, encbuf + 
sizeof(*ehdr), AES_BLOCK_SIZE);
+       AES_ecb_encrypt(encbuf + sizeof(*ehdr), (unsigned char *)&ahdr, 
&vde_conn->dkey, AES_DECRYPT);
 #endif
        /* Tag check */
        if (ahdr.tag != AGNO_TAG)
@@ -320,10 +281,10 @@ static ssize_t vde_agno_recv(VDECONN *conn, void *buf, 
size_t len, int flags) {
 #ifdef DEBUG_DISABLE_ENCRYPTION
        memcpy(((unsigned char *) buf) + ETH_HEADER_SIZE, encbuf + 
sizeof(*ehdr) + sizeof(ahdr), retval - ETH_HEADER_SIZE); //Decrypt 2
 #else
-       wc_AesSetIV(&vde_conn->dkey, iv_dec);
-       pad_AesCbcDecrypt(&vde_conn->dkey, ((unsigned char *) buf) + 
ETH_HEADER_SIZE,
+       AES_cbc_encrypt(
                        encbuf + sizeof(*ehdr) + sizeof(ahdr),
-                       retval - ETH_HEADER_SIZE);
+                       ((unsigned char *) buf) + ETH_HEADER_SIZE,
+                       retval - ETH_HEADER_SIZE, &vde_conn->dkey, iv_dec, 
AES_DECRYPT);
 #endif
        return retval;
 error:
@@ -368,24 +329,23 @@ static ssize_t vde_agno_send(VDECONN *conn, const void 
*buf, size_t len, int fla
        }
        /* Complete initialization of agno header */
 #ifndef DEBUG_DISABLE_ENCRYPTION
-       wc_RNG_GenerateBlock(&vde_conn->rng, ahdr.rand, 4);
+       RAND_bytes(ahdr.rand, 4);
 #endif
        /* Encrypt agno header */
 #ifdef DEBUG_DISABLE_ENCRYPTION
        memcpy(encbuf + sizeof(*ehdr), &ahdr, sizeof(ahdr));
 #else
-       wc_AesEcbEncrypt(&vde_conn->ekey, encbuf + sizeof(*ehdr), (unsigned 
char *)&ahdr, AES_BLOCK_SIZE);
+       AES_ecb_encrypt((unsigned char *)&ahdr, encbuf + sizeof(*ehdr), 
&vde_conn->ekey, AES_ENCRYPT);
 #endif
        memcpy(iv_enc, &ahdr, sizeof(iv_enc));
        /* Encrypt payload */
 #ifdef DEBUG_DISABLE_ENCRYPTION
        memcpy(encbuf + sizeof(*ehdr) + sizeof(ahdr), ((const unsigned char *) 
buf) + ETH_HEADER_SIZE, len - ETH_HEADER_SIZE);
 #else
-       wc_AesSetIV(&vde_conn->ekey, iv_enc);
-       pad_AesCbcEncrypt(&vde_conn->ekey,
+       AES_cbc_encrypt(
+                       ((const unsigned char *) buf) + ETH_HEADER_SIZE,
                        encbuf + sizeof(*ehdr) + sizeof(ahdr),
-                       ((unsigned char *) buf) + ETH_HEADER_SIZE,
-                       len - ETH_HEADER_SIZE);
+                       len - ETH_HEADER_SIZE, &vde_conn->ekey, iv_enc, 
AES_ENCRYPT);
 #endif
        retval = vde_send(vde_conn->conn, encbuf, enclen, flags);
        if (retval == enclen)
@@ -405,12 +365,8 @@ static int vde_agno_ctlfd(VDECONN *conn) {
 }
 
 static int vde_agno_close(VDECONN *conn) {
-       struct vde_agno_conn *vde_conn = (struct vde_agno_conn *)conn;
-       int rv;
-#ifndef DEBUG_DISABLE_ENCRYPTION
-       wc_FreeRng(&vde_conn->rng);
-#endif
-       rv = vde_close(vde_conn->conn);
-       free(vde_conn);
-       return rv;
+  struct vde_agno_conn *vde_conn = (struct vde_agno_conn *)conn;
+  int rv = vde_close(vde_conn->conn);
+  free(vde_conn);
+  return rv;
 }

--- End Message ---
--- Begin Message ---
Source: vdeplug-agno
Source-Version: 0.1.3-1
Done: Renzo Davoli <[email protected]>

We believe that the bug you reported is fixed in the latest version of
vdeplug-agno, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Renzo Davoli <[email protected]> (supplier of updated vdeplug-agno package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 26 Jun 2026 15:44:38 +0200
Source: vdeplug-agno
Binary: libvdeplug-agno libvdeplug-agno-dbgsym
Architecture: source amd64
Version: 0.1.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian VirtualSquare Team <[email protected]>
Changed-By: Renzo Davoli <[email protected]>
Description:
 libvdeplug-agno - libvdeplug plugin for encryption
Closes: 1139635
Changes:
 vdeplug-agno (0.1.3-1) unstable; urgency=medium
 .
   * New upstream version 0.1.3 (Closes: #1139635)
   * d/control update standard to 4.7.4. no changes needed.
   * d/control update debhelper-compat to 14
   * add --without=single-binary to dh call in d/rules
Checksums-Sha1:
 0c20750b7bd127798f01332533d83d50cd9aea51 2104 vdeplug-agno_0.1.3-1.dsc
 b824f684cab2d6346b36132f13d74064a3570c46 17755 vdeplug-agno_0.1.3.orig.tar.gz
 2db369b66e06b195a0541bffaa344796dae5db95 2356 
vdeplug-agno_0.1.3-1.debian.tar.xz
 9a4dbbdff20355afcfe9bf34d9d382aa264c3070 14768 
libvdeplug-agno-dbgsym_0.1.3-1_amd64.deb
 bae7db129846485ca32a8e50d8c7e6d440e75138 8688 libvdeplug-agno_0.1.3-1_amd64.deb
 d66e8b9be05f77b85ded315323d2e33a528ba5cc 8174 
vdeplug-agno_0.1.3-1_amd64.buildinfo
Checksums-Sha256:
 412f2afb09d30fb1dee86aefaba3487a38bd03080b426def628ccd8b1ea96c93 2104 
vdeplug-agno_0.1.3-1.dsc
 33dd3fdf88b2701867ce1fcd33f3691494dec5a43acff96e54ea994b4d4e1204 17755 
vdeplug-agno_0.1.3.orig.tar.gz
 ba0f1c69ef8bc95b8a4170ad99869792ccebb6941050567d459333c732189548 2356 
vdeplug-agno_0.1.3-1.debian.tar.xz
 199ad40cb97df79ebe57177d4df732dda1ef65a8e31b22266c688887320f3559 14768 
libvdeplug-agno-dbgsym_0.1.3-1_amd64.deb
 09bc7c2128d58ebbea8a17924f77b0471f160bac186555eb29ca609d0a93ff3c 8688 
libvdeplug-agno_0.1.3-1_amd64.deb
 ed7e098a7ae6c9bc935f1fc662d651d3c853775e5937f20bbbeb892689480cf1 8174 
vdeplug-agno_0.1.3-1_amd64.buildinfo
Files:
 1cc6c084e85aac17770acaa118e7db85 2104 libs optional vdeplug-agno_0.1.3-1.dsc
 d47a5b6a0a9774ab71d13d064481228f 17755 libs optional 
vdeplug-agno_0.1.3.orig.tar.gz
 01a0cd18a604532c857b1c65490d5f2a 2356 libs optional 
vdeplug-agno_0.1.3-1.debian.tar.xz
 c2681bb062b5b7dbf802ace0826acdd5 14768 debug optional 
libvdeplug-agno-dbgsym_0.1.3-1_amd64.deb
 f05bcb5569630b12c90f9ec259f427a2 8688 libs optional 
libvdeplug-agno_0.1.3-1_amd64.deb
 801ec3a9613e7bbd21ecda18ad4594b1 8174 libs optional 
vdeplug-agno_0.1.3-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEuvF7L/gvPxFN/uEULGX3ntMo5hsFAmo+ojYACgkQLGX3ntMo
5hsEDhAAujS15KwTv8s9M+fT31T3k1Gx8fnGEq6fG9BaecXEQVwCBqz5iPL9+aTF
+MCJRNlraRCZZMU9MuYIYXnmi3SlAUrOYxq5lgnGGUXFuKeNEP3LS2bTjCwGKdMy
qtGgZbSpi1E5QXdLzptrE3pO2qf01GPR0VE8oEaTO2hlNHR66P3r0qPQz7PBiWtZ
YUIdwDOpEZeUfN0aEnZy94ZDalawWsnNU+lDJObONqkMmRCO2QrGgdyf0yLJs8ze
BJhP31CoYKuex4YKSeDVFKwVImX9LIo1HaxJh+cJ/OvC1v5brj33fI6IxHbIGPdc
Wn2iqdnRWl32BwhIaK04fuqSYUkqn7n8JGYNS5AL8DRvuhSZZaBLn1Tl078HNZ+Q
ZP65Pul/PcXtEiEcpEvqTHpp1EcfPtG8vMUwPyzYGgUxSWJiIeLgmgTKA1KWxqsw
0lRdn9vfGEBtV55+kvnKG/HG7SRcrnM3XYiUIVx1GQRAErvo9SpXsBSz1KpiHQ/c
9yC0aQKuO72pLJoyEMlKKR/gWqTsxF2TVPo+hgnV8a5aoNqLHq8VCXgSVVKZbXUF
9XbDaDe8vEchxbmPnLyFLdVZOLpV5ziGnvvv2b1mkGaR4R3hT8n7rWmXZ1lKH+4z
hCqwRfO8AKSd+wdsh84Do5w20BEhU01AGOHiOxJ7GCBPVQ7mAjg=
=UBQO
-----END PGP SIGNATURE-----

Attachment: pgpUICswZUZG3.pgp
Description: PGP signature


--- End Message ---

Reply via email to