Skip to content

Commit

Permalink
doc: improve CCM example
Browse files Browse the repository at this point in the history
Applications should never attempt to use the deciphered message
if authentication fails. In reality, this is usually not a problem
since OpenSSL does not disclose the plaintext in this case, but it
is still a design mistake and can lead to critical security problems
in other cipher modes and implementations.

PR-URL: #27396
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
  • Loading branch information
tniessen authored and targos committed May 9, 2019
1 parent a5dab9e commit c0cdf30
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions doc/api/crypto.md
Original file line number Diff line number Diff line change
Expand Up @@ -2885,6 +2885,7 @@ try {
decipher.final();
} catch (err) {
console.error('Authentication failed!');
return;
}

console.log(receivedPlaintext);
Expand Down

0 comments on commit c0cdf30

Please sign in to comment.