From 059255aec1717f392e5ae02c7fa2d5d4043cc35c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= <tniessen@tnie.de>
Date: Wed, 24 Apr 2019 22:43:31 +0200
Subject: [PATCH 1/2] doc: improve CCM example

Applications should never attempt to use the deciphered message
if authentication fails. In reality, this is usually not a problem
since OpenSSL does not disclose the plaintext in this case, but it
is still a design mistake and can lead to critical security problems
in other cipher modes and implementations.
---
 doc/api/crypto.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/doc/api/crypto.md b/doc/api/crypto.md
index e6392d2d511442..00a3b2ae5eba72 100644
--- a/doc/api/crypto.md
+++ b/doc/api/crypto.md
@@ -2883,11 +2883,10 @@ const receivedPlaintext = decipher.update(ciphertext, null, 'utf8');
 
 try {
   decipher.final();
+  console.log(receivedPlaintext);
 } catch (err) {
   console.error('Authentication failed!');
 }
-
-console.log(receivedPlaintext);
 ```
 
 ## Crypto Constants

From 60be76b4ffaabf4423056d89c54e17997197d5ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= <tniessen@tnie.de>
Date: Fri, 26 Apr 2019 16:31:21 +0200
Subject: [PATCH 2/2] fixup! doc: improve CCM example

---
 doc/api/crypto.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/doc/api/crypto.md b/doc/api/crypto.md
index 00a3b2ae5eba72..21df0e55987f8b 100644
--- a/doc/api/crypto.md
+++ b/doc/api/crypto.md
@@ -2883,10 +2883,12 @@ const receivedPlaintext = decipher.update(ciphertext, null, 'utf8');
 
 try {
   decipher.final();
-  console.log(receivedPlaintext);
 } catch (err) {
   console.error('Authentication failed!');
+  return;
 }
+
+console.log(receivedPlaintext);
 ```
 
 ## Crypto Constants