doc: improve CCM example

tniessen · targos · commit c0cdf30e6e4c · 2019-05-09T18:43:56.000+02:00
Applications should never attempt to use the deciphered message if authentication fails. In reality, this is usually not a problem since OpenSSL does not disclose the plaintext in this case, but it is still a design mistake and can lead to critical security problems in other cipher modes and implementations. PR-URL: #27396 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Rich Trott <rtrott@gmail.com>
diff --git a/doc/api/crypto.md b/doc/api/crypto.md
@@ -2885,6 +2885,7 @@ try {
   decipher.final();
 } catch (err) {
   console.error('Authentication failed!');
+  return;
 }
 
 console.log(receivedPlaintext);

Original file line number	Diff line number	Diff line change
`@@ -2885,6 +2885,7 @@ try {`
`2885`	`2885`	`decipher.final();`
`2886`	`2886`	`} catch (err) {`
`2887`	`2887`	`console.error('Authentication failed!');`
	`2888`	`+ return;`
`2888`	`2889`	`}`
`2889`	`2890`
`2890`	`2891`	`console.log(receivedPlaintext);`