AEAD support in enc app

[zakjan]

Is there any particiular reason, why AEAD ciphers are not supported in the enc app? https://github.com/openssl/openssl/blob/master/apps/enc.c#L298

I have implemented as a small part of my thesis, maybe I could polish it and submit a PR.

[mouse07410]

It's been two months - any comments? I too find it strange that enc does not support AEAD.

[nrgiii]

+1. This would be helpful for me too, particularly for OCB cipher (aes-256-ocb, etc)

[chr0n1x]

+1
bump

[paulidale]

See also: #4844 which is incomplete (only GCM) and there are some questions raised about the behaviour on failure and if GCM should be used for storage at all.

[richsalz]

I was just about to say: how to handle failure? Not an easy issue, but it needs to be addressed before this can go.

[kaduk]

There is some more recent discussion on #5026 , and several other issues/pull-requests on this topic.
It is clearly a recurring requested item, but I think we should take a principled stand of not offering a footgun in the form of a utility for streaming AEAD output prior to authentication.

Accordingly, I propose to:

• Add a FAQ entry on the website about AEADs and the enc(1) utility
• Add a note to the enc(1) manual stating that AEAD modes are not and will not be supported due to the issue of having already streamed data in case of verification failure, with a reference to use cms(1) instead

Neither of those need to be addressed before the 1.1.1 release (but both could be done before that release if they are ready), and more importantly, if we did want to add this functionality, it need not be in the 1.1.1 release, so I will apply the post-1.1.1 milestone.