From 9e340357df763fcaa06376e14857dec468787e99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Wed, 10 Jul 2019 16:35:06 +0200 Subject: [PATCH] doc: relax requirements for setAAD in CCM mode This was fixed in OpenSSL 1.1.1c (openssl/openssl@b48e3be947). The authentication tag can now be specified after setAAD was called, matching the behavior of the other supported AEAD modes (GCM, OCB). Refs: https://github.com/openssl/openssl/pull/7243 PR-URL: https://github.com/nodejs/node/pull/28624 Reviewed-By: Colin Ihrig Reviewed-By: Luigi Pinca Reviewed-By: Ruben Bridgewater Reviewed-By: Rich Trott --- doc/api/crypto.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 93098a6f3edc2b..6f05f012681af2 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -2837,7 +2837,7 @@ mode must adhere to certain restrictions when using the cipher API: bytes (`7 ≤ N ≤ 13`). - The length of the plaintext is limited to `2 ** (8 * (15 - N))` bytes. - When decrypting, the authentication tag must be set via `setAuthTag()` before - specifying additional authenticated data or calling `update()`. + calling `update()`. Otherwise, decryption will fail and `final()` will throw an error in compliance with section 2.6 of [RFC 3610][]. - Using stream methods such as `write(data)`, `end(data)` or `pipe()` in CCM