diff --git a/cryptfs/openssl_aead.go b/cryptfs/openssl_aead.go
index b743a3e..f73924d 100644
--- a/cryptfs/openssl_aead.go
+++ b/cryptfs/openssl_aead.go
@@ -23,8 +23,6 @@ func (be opensslGCM) NonceSize() int {
 // additional data and appends the result to dst, returning the updated
 // slice. The nonce must be NonceSize() bytes long and unique for all
 // time, for a given key.
-//
-// The plaintext and dst may alias exactly or not at all.
 func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte {
 
 	cipherBuf := bytes.NewBuffer(dst)
@@ -33,6 +31,10 @@ func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte {
 	if err != nil {
 		panic(err)
 	}
+	err = ectx.ExtraData(data)
+	if err != nil {
+		panic(err)
+	}
 	part, err := ectx.EncryptUpdate(plaintext)
 	if err != nil {
 		panic(err)
@@ -88,6 +90,10 @@ func (be opensslGCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 		return nil, err
 	}
 	plainBuf.Write(part)
+	err = dctx.ExtraData(data)
+	if err != nil {
+		return nil, err
+	}
 
 	return plainBuf.Bytes(), nil
 }