Files
wolfssl/tests
Tobias Frauenschläger f207e18f7a evp: verify Poly1305 tag on ChaCha20-Poly1305 decrypt
EVP_DecryptFinal_ex() called wc_ChaCha20Poly1305_Final() which only
computes the Poly1305 tag, writing it into ctx->authTag and
overwriting the expected tag stored there by EVP_CTRL_AEAD_SET_TAG.
No comparison was ever performed, so any forged tag was accepted.

Fix: save the expected tag before calling Final(), then verify with
wc_ChaCha20Poly1305_CheckTag() on the decrypt path, mirroring the
existing AES-GCM branch. Add a regression test that asserts
EVP_DecryptFinal_ex() rejects an all-zero forged tag.

Reported-by: Nicholas Carlini (Anthropic) & Bronson Yen (Calif.io)
2026-03-31 14:31:24 +02:00
..
2026-03-18 10:48:16 +01:00
2020-12-17 14:26:49 +01:00
2026-03-12 09:53:35 -06:00
2026-02-18 09:52:21 -07:00
2026-03-18 10:48:16 +01:00
2022-01-31 15:29:25 -05:00
2022-01-31 15:29:25 -05:00
2024-01-16 15:18:05 -08:00
2026-01-28 07:37:29 +10:00
2026-02-25 15:19:13 +01:00
2026-02-25 15:19:13 +01:00
2020-07-20 15:03:48 -07:00
2022-01-31 15:29:25 -05:00
2022-06-01 10:36:01 +10:00
2022-02-23 09:47:34 +01:00
2024-01-16 15:18:05 -08:00
2020-12-17 14:26:49 +01:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00

Before creating any new configure files (.conf) read the CONF_FILES_README.md