Herbert Xu <herbert at gondor.apana.org.au> wrote: > rfc8009 is basically the same as authenc. Actually, it's not quite the same :-/ rfc8009 chucks the IV from the encryption into the hash first, but authenc() does not. It may be possible to arrange the buffer so that the assoc data is also the IV buffer. David