Skip to content

Bundled BoringSSL symbols are exported globally and collide with other libcrypto (OpenSSL/SQLCipher) #1187

Description

@xander1421

Ran into this building a desktop app that uses LiveKit for calls and also keeps an encrypted SQLite DB (SQLCipher through rusqlite/libsqlite3-sys, built against OpenSSL).

The prebuilt libwebrtc that webrtc-sys ships bundles BoringSSL statically, and it exports all the crypto symbols globally — EVP_*, HMAC, PKCS5_PBKDF2_HMAC, AES_*, RAND_bytes, and so on. The moment anything else in the binary pulls in another libcrypto (OpenSSL in my case), the linker sees the same symbols defined twice and gives up — LNK1169 on MSVC, multiple definition from mold on Linux.

You can force it through with /FORCE:MULTIPLE (or -Wl,--allow-multiple-definition on Linux), but all that does is keep the first definition it sees and drop the rest, so the whole binary ends up using one of the two implementations for everything. In my case SQLCipher was compiled against OpenSSL's headers but got linked to BoringSSL's implementation. Different struct layouts, so it corrupted the heap the first time it actually did crypto — the app crashed natively on the first PRAGMA key when opening the DB, no Rust panic, and it took me ages to even realize it was a linking issue and not a logic bug.

I've got it working by pointing SQLCipher at the same BoringSSL that webrtc already bundles, so there's only one libcrypto in the binary. That works (SQLCipher 4.5.x happens to be BoringSSL-compatible) but it feels fragile and leans on webrtc-sys's prebuilt internals being there and not changing.

Since BoringSSL is an internal detail of webrtc-sys and nobody links against it directly, would it be possible to build the prebuilt with those symbols hidden/localized? Something like -fvisibility=hidden plus an export allowlist for the actual WebRTC API, or an objcopy --localize-symbols / version-script pass on the static lib. Then it wouldn't step on any other crypto library in the same process and people wouldn't need the force-multiple hack (which is a memory-corruption footgun, as above).

Versions: webrtc-sys 0.3.29, livekit 0.7.37. Hit it on both x86_64-pc-windows-msvc and x86_64-unknown-linux-gnu. Happy to put together a minimal repro (SQLCipher + LiveKit in one binary) if that'd help.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions