From 0c7cf24431f01c3fc9b9fde7b85354fe3fc979f1 Mon Sep 17 00:00:00 2001 From: Jonathan Buhacoff Date: Mon, 27 Apr 2020 09:19:30 -0700 Subject: [PATCH] doc: correct description of `decipher.setAuthTag` in crypto.md Calling `decipher.setAuthTag` after `decipher.update` will result in an error like `Unsupported state or unable to authenticate data`. The example code in [CCM mode](https://nodejs.org/docs/latest-v14.x/api/crypto.html#crypto_ccm_mode) is correct, but to demonstrate the mistake in the documentation you can take the same example and move the `setAuthTag` call to in between `update` and `final` you will see the error. --- doc/api/crypto.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 5b84cd18359675..b777275acd4102 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -520,8 +520,9 @@ cipher text should be discarded due to failed authentication. If the tag length is invalid according to [NIST SP 800-38D][] or does not match the value of the `authTagLength` option, `decipher.setAuthTag()` will throw an error. -The `decipher.setAuthTag()` method must be called before -[`decipher.final()`][] and can only be called once. +The `decipher.setAuthTag()` method must be called before [`decipher.update()`][] +for `CCM` mode or before [`decipher.final()`][] for `GCM` and `OCB` modes. +`decipher.setAuthTag()` can only be called once. ### `decipher.setAutoPadding([autoPadding])`