wolfSSL ChaCha20-Poly1305 AEAD Decryption Authentication Bypass Vulnerability

A vulnerability exists in wolfSSL's EVP layer within the ChaCha20-Poly1305 authenticated encryption with associated data (AEAD) decryption process. The issue arises because the decryption function, wolfSSL_EVP_CipherFinal, and similar EVP cipher finalization functions, do not verify the authentication tag before returning plaintext to the caller. As a result, when an application utilizes the EVP API for ChaCha20-Poly1305 decryption, the implementation either computes or accepts the authentication tag but fails to compare it with the expected value, potentially allowing for unauthorized plaintext retrieval.

Impact

Exploitation of this vulnerability could lead to a failure in authentication verification during the decryption process, allowing for the possibility of returning manipulated or unauthorized plaintext to the application.