OpenSSL::HMACError: EVP_PKEY_new_mac_key: malloc failure in rails app

Question

I'm working on a rails app and I have this weird error that I don't know how to fix it. Some of my tests are failing when running JWT.encode and the error message is:

/Users/chille/.rbenv/versions/3.1.1/lib/ruby/3.1.0/openssl/hmac.rb:36:in `initialize': EVP_PKEY_new_mac_key: malloc failure (OpenSSL::HMACError)

I reinstalled ruby 3.1.1 and also reinstalled OpenSSL to use the opensssl@3 version since that one is compatible with ruby 3 but no success.

I would appreciate it if anyone have any clue on how to solve this.

• MAC OS Monterrey 12.6.1
• Ruby 3.1.1
• Rails 7

Answer 1

I was having same issue. It's a compatibility issue between OpenSSL@1.1 and OpenSSL@3.0.7 on ruby version 3.1.0 and above. so I fixed by by following steps:

1. Uninstall ruby 3.1.1
2. Go to .rbenv/plugins/ruby-build/share/ruby-build/3.1.1

Inside, this file you have installation package openssl@3.0.7 and ruby@3.1.1

install_package "openssl-3.0.7" "https://www.openssl.org/source/openssl-3.0.7.tar.gz#83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e" openssl --if needs_openssl_102_300
install_package "ruby-3.1.1" "https://cache.ruby-lang.org/pub/ruby/3.1/ruby-3.1.1.tar.gz#fe6e4782de97443978ddba8ba4be38d222aa24dc3e3f02a6a8e7701c0eeb619d" ldflags_dirs enable_shared standard verify_openssl

Now, change 1st line with openssl@1.1 package:

install_package "openssl-1.1.1s" "https://www.openssl.org/source/openssl-1.1.1s.tar.gz#c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18a6f74e4b6aa" openssl --if needs_openssl_101_111

After, changing line inside .rbenv/plugins/ruby-build/share/ruby-build/3.1.1 file. Install ruby version 3.1.1 using following installation instructions from https://github.com/rbenv/rbenv#installing-ruby-versions. Use:

rbenv install 3.1.1 --verbose

You will see openssl@1.1 being installed and will resolve this issue.

For more, follow my medium post: openssl-hmacerror-on-ruby

Answer 2

I believe this is a compatibility issue between OpenSSL 1.1 and now OpenSSL 3 (which Ruby 3 has moved to). Gems like ruby-jwt are sorting through those compatibility issues: https://github.com/jwt/ruby-jwt/issues/495

Supposedly, version v2.5.0 of JWT added support for OpenSSL >= 3.0, a clean install (or upgrade if you're not on that version) of JWT should solve the issue if they supported OpenSSL 3.0 correctly.

-- edit --

Update: Actually looks like they acknowledge that this was a bug in https://github.com/jwt/ruby-jwt/issues/526 and it has since been fixed in Ruby's OpenSSL and JWT but only as of ~2 weeks ago, so no new version has been cut for it as of yet.

-- while we wait for the fix... --

In the meantime, if you don't directly need OpenSSL 3, you could rebuild your ruby using OpenSSL 1.1

Assuming you've install openssl@1.1 via homebrew and are using asdf to manage your Ruby versions (though this env option works for anything using ruby-build):

RUBY_CONFIGURE_OPTS="--with-openssl-dir=$(brew --prefix openssl@1.1)" asdf install ruby 3.1.1