From c0cdf30e6e4c31fd0c95457f418f6de58f2fd8e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= <tniessen@tnie.de>
Date: Wed, 24 Apr 2019 22:43:31 +0200
Subject: [PATCH] doc: improve CCM example

Applications should never attempt to use the deciphered message
if authentication fails. In reality, this is usually not a problem
since OpenSSL does not disclose the plaintext in this case, but it
is still a design mistake and can lead to critical security problems
in other cipher modes and implementations.

PR-URL: https://github.com/nodejs/node/pull/27396
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
---
 doc/api/crypto.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/api/crypto.md b/doc/api/crypto.md
index e6392d2d511442..21df0e55987f8b 100644
--- a/doc/api/crypto.md
+++ b/doc/api/crypto.md
@@ -2885,6 +2885,7 @@ try {
   decipher.final();
 } catch (err) {
   console.error('Authentication failed!');
+  return;
 }
 
 console.log(receivedPlaintext);