Random Access Decryption (ring, openssl, AES-GCM)

Hi all. Disclaimer...I am relatively new to Rust, but I do have deep experience in java, including some advanced encryption/decryption support.

In learning cryptography from a rust perspective, I'm interested to re-enact a previous use case I encountered in work, namely, random access decryption given an arbitrary (but legal!) offset. This was easily achieved using AES-CBC and later AES-CFB, as computing the correct IV is trivial in these cases.

In choosing ring to handle symmetric encryption, it seems that I am constraining myself to AEAD algorithms, so I chose AES-GCM...this is a choice I am in theory perfectly happy with.

My reading leads me to believe that computing the IV is relatively straightforward for AES-GCM as well, especially if you limit yourself to a 12 byte nonce. I am, however, stumped at the mechanism by which I can drive the ring API to handle a "calculated" IV. The API I have explored so far only appears to support "all or nothing"...perhaps this is due to the difficulties around performing the authentication portion? Am I simply using the wrong library for the use case I have in mind?

I attempted to decrypt just the first block, but this fails:

let symm_algo = &AES_256_GCM;
let mut in_out = content.clone();

let mut nonce_vec : Vec<u8> = vec![0; 12];
let rand = SystemRandom::new();
rand.fill(&mut nonce_vec).unwrap();

let mut nonce: [u8; 12] = [0; 12];
nonce.copy_from_slice(&nonce_vec[0..12]);

let unbound_key = UnboundKey::new(symm_algo, &key).unwrap();
let less_safe_key = LessSafeKey::new(unbound_key);

less_safe_key.seal_in_place_append_tag(Nonce::assume_unique_for_key(nonce), Aad::from(&additional_data), &mut in_out).unwrap();


let decrypted_data = less_safe.open_in_place(Nonce::assume_unique_for_key(nonce), Aad::from(&additional_data), &mut in_out[0..16]).unwrap();

perhaps predictably this failed, as there is none of the tag information.

Can anyone offer any insight or examples for how to do random access decryption using ring? Or am I better off finding another library? I don't mind losing the authentication aspect, but as previously stated, ring appears to only support AEAD algorithms.