From 53ecebc71ec132fc8e5fab486c63e13c0925d142 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher <jakobunt@gmail.com>
Date: Sun, 4 Oct 2015 23:55:58 +0200
Subject: [PATCH] openssl AEAD wrapper: handle authenticated data

---
 cryptfs/openssl_aead.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/cryptfs/openssl_aead.go b/cryptfs/openssl_aead.go
index b743a3e..f73924d 100644
--- a/cryptfs/openssl_aead.go
+++ b/cryptfs/openssl_aead.go
@@ -23,8 +23,6 @@ func (be opensslGCM) NonceSize() int {
 // additional data and appends the result to dst, returning the updated
 // slice. The nonce must be NonceSize() bytes long and unique for all
 // time, for a given key.
-//
-// The plaintext and dst may alias exactly or not at all.
 func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte {
 
 	cipherBuf := bytes.NewBuffer(dst)
@@ -33,6 +31,10 @@ func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte {
 	if err != nil {
 		panic(err)
 	}
+	err = ectx.ExtraData(data)
+	if err != nil {
+		panic(err)
+	}
 	part, err := ectx.EncryptUpdate(plaintext)
 	if err != nil {
 		panic(err)
@@ -88,6 +90,10 @@ func (be opensslGCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 		return nil, err
 	}
 	plainBuf.Write(part)
+	err = dctx.ExtraData(data)
+	if err != nil {
+		return nil, err
+	}
 
 	return plainBuf.Bytes(), nil
 }