doc: correct description of decipher.setAuthTag in crypto.md

jbuhacoff · codebytere · commit 0c7cf24431f0 · 2020-06-06T22:22:38.000-07:00
Calling `decipher.setAuthTag` after `decipher.update` will result in an error like `Unsupported state or unable to authenticate data`. The example code in [CCM mode](https://nodejs.org/docs/latest-v14.x/api/crypto.html#crypto_ccm_mode) is correct, but to demonstrate the mistake in the documentation you can take the same example and move the `setAuthTag` call to in between `update` and `final` you will see the error.
diff --git a/doc/api/crypto.md b/doc/api/crypto.md
@@ -520,8 +520,9 @@ cipher text should be discarded due to failed authentication. If the tag length
 is invalid according to [NIST SP 800-38D][] or does not match the value of the
 `authTagLength` option, `decipher.setAuthTag()` will throw an error.
 
-The `decipher.setAuthTag()` method must be called before
-[`decipher.final()`][] and can only be called once.
+The `decipher.setAuthTag()` method must be called before [`decipher.update()`][]
+for `CCM` mode or before [`decipher.final()`][] for `GCM` and `OCB` modes.
+`decipher.setAuthTag()` can only be called once.
 
 ### `decipher.setAutoPadding([autoPadding])`
 <!-- YAML
