5

I'm trying to implement AES-256-GCM in Ruby.

Ruby's OpenSSL wrapper library and aead library both clearly seem to believe that OpenSSL itself supports this.

However, neither 0.9.8r (which I had installed) nor 1.0.1c (which I updated to w/ macports) seems to have it. 1.0.1c has AES256-GCM-SHA384, but Ruby OpenSSL and aead don't seem to know what to make of it.

Any suggestions?

xpost: https://stackoverflow.com/questions/14698473/why-does-openssl-not-include-aes-256-gcm

ETA: It turns out that this problem is caused by RVM having been built against OpenSSL 0.9.8. (FWIW, this seems to be the case on Ubuntu 10.04, but fixed in 12.04.)

It's easy to test:

require 'openssl'
cipher = OpenSSL::Cipher.new('aes-256-gcm')

# Bad response:  RuntimeError: unsupported cipher algorithm (aes-256-gcm)
# Good response: #<OpenSSL::Cipher:0x007fc0754764a8>

It's a semi-easy fix w/ rvm, but it takes a while to fully recompile:

sudo apt-get install aclocal autoconf automake autoreconf apple-gcc42 libtool pkg-config openssl readline libyaml sqlite libxml2 libxslt libksba
# some but not all are available on macports; seems to work okay without the missing ones
rvm get head
rvm pkg install openssl
rvm reinstall 1.9.3-p194

Thanks to Stephen Touset for hinting at the fix.

Sai

2 Answers

19

As the author of the Ruby AEAD library, I can assure you that OpenSSL does support GCM on 1.0.1c.

~ $ /usr/local/bin/openssl version
OpenSSL 1.0.1c 10 May 2012
~ $ /usr/local/bin/openssl enc -help 2>&1 | grep gcm 
-aes-128-gcm
-aes-192-gcm
-aes-256-gcm

If it is unavailable on your platform (OpenSSL added GCM support in 1.0.1, I believe), I have also implemented a CBC-HMAC and a CTR-HMAC.

If you've installed a later version of OpenSSL, you need to ensure the Ruby binary you're using is linked against that version. It is probably not. Details for doing this are rbenv- and rvm-specific.

Partly for these reasons, I'm writing a replacement library that will bundle and link against DJB's NaCl instead of OpenSSL.

Stephen Touset
    Buried in your answer was a hint at what my real problem was: namely, the rvm I had installed linked against OpenSSL 0.9.8. – Sai Feb 09 '13 at 20:18
  • `OpenSSL 1.1.1d FIPS 10 Sep 2019` and `fedora 29 x64 workstation` It should be `openssl enc -ciphers | grep aes`. – Nick Dong Mar 07 '20 at 08:31
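Putting the question's probe and the linkage check from the answer above together, here is an added Ruby example (not code from the original post, nor from the aead library) that reports which OpenSSL the running Ruby was compiled against and is loading at run time, probes for the cipher the same way the question's snippet does, and then performs a full AES-256-GCM seal and open with associated data. Two caveats a practitioner wants are built in: the tag length is checked before decryption, because OpenSSL will verify a truncated tag if you hand it one, and a flipped ciphertext bit is shown to make `final` raise instead of returning garbage. The key, messages and AAD string are constructed inline; `OPENSSL_LIBRARY_VERSION` only exists in openssl gem 2.0 and later (Ruby 2.4+), so older Rubies report `nil` for the run-time version.

```ruby
require 'openssl'

# Which OpenSSL is this Ruby actually using? A Ruby built against 0.9.8
# reports 0.9.8 here no matter which newer libssl is installed on the box.
def openssl_versions
  {
    compiled_against: OpenSSL::OPENSSL_VERSION,
    loaded_at_runtime: (OpenSSL::OPENSSL_LIBRARY_VERSION if defined?(OpenSSL::OPENSSL_LIBRARY_VERSION))
  }
end

# The question's probe as a predicate: OpenSSL::Cipher.new raises
# RuntimeError ("unsupported cipher algorithm") for names libcrypto lacks.
def cipher_supported?(name)
  OpenSSL::Cipher.new(name)
  true
rescue RuntimeError
  false
end

GCM_IV_BYTES  = 12  # 96-bit nonce: the GCM default and the recommended size
GCM_TAG_BYTES = 16  # always use the full 128-bit tag

# Seal plaintext under a 32-byte key. Returns a fresh random IV, the
# ciphertext and the tag. A (key, IV) pair must never be reused under GCM.
def gcm_encrypt(key, plaintext, aad = '')
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv                       # 12 random bytes, also set on the cipher
  cipher.auth_data = aad                      # authenticated but not encrypted
  ciphertext = plaintext.empty? ? ''.b : cipher.update(plaintext)  # update('') raises
  ciphertext << cipher.final
  { iv: iv, ciphertext: ciphertext, tag: cipher.auth_tag(GCM_TAG_BYTES) }
end

# Open a sealed message. Returns the plaintext, or nil if the tag does not
# verify (wrong key, wrong AAD, or any modified byte of IV/ciphertext/tag).
# The tag length is enforced here rather than trusted from the wire, since
# OpenSSL compares only as many tag bytes as it is given.
def gcm_decrypt(key, iv, ciphertext, tag, aad = '')
  return nil unless tag.bytesize == GCM_TAG_BYTES && iv.bytesize == GCM_IV_BYTES
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = aad
  plaintext = ciphertext.empty? ? ''.b : cipher.update(ciphertext)
  plaintext << cipher.final                   # raises CipherError on a bad tag
  plaintext
rescue OpenSSL::Cipher::CipherError
  nil
end

# Flip one ciphertext bit and confirm the open is refused. This integrity
# property is what unauthenticated CBC or CTR does not give you.
def tamper_detected?(key, sealed, aad = '')
  forged = sealed[:ciphertext].dup
  forged.setbyte(0, forged.getbyte(0) ^ 0x01)
  gcm_decrypt(key, sealed[:iv], forged, sealed[:tag], aad).nil?
end

if __FILE__ == $PROGRAM_NAME
  puts openssl_versions.inspect
  puts "aes-256-gcm available: #{cipher_supported?('aes-256-gcm')}"
  key    = OpenSSL::Random.random_bytes(32)   # constructed demo key, not a real secret
  sealed = gcm_encrypt(key, 'attack at dawn', 'msg-id:42')
  puts gcm_decrypt(key, sealed[:iv], sealed[:ciphertext], sealed[:tag], 'msg-id:42')
  puts "tamper detected: #{tamper_detected?(key, sealed, 'msg-id:42')}"
end
```

If `cipher_supported?('aes-256-gcm')` is false while `openssl version` on the same machine says 1.0.1 or later, compare it with `openssl_versions`: the Ruby was linked against an older libcrypto, which is exactly the rvm situation the question ran into.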
3

OpenSSL has support for GCM; see for instance this answer. Since GCM has nothing to do with SHA-384, I suppose that you are actually asking about support for AES-256/GCM in the context of an SSL/TLS session. This is supported only with TLS 1.2, so you need client and server to support that version.

Tom Leek
  • I wasn't talking about SSL/TLS, FWIW. I didn't _want_ the SHA384 part of it (we're using ec-dsa for signing). – Sai Feb 09 '13 at 20:25