steam statically links against openssl build without engine support

[msmeissn]

Your system information

• Steam client version: 20160812
• Distribution (e.g. Ubuntu): openSUSE Tumbleweed
• Opted into Steam client beta?: [Yes/No] No
• Have you checked for system updates?: [Yes/No] Yes

Please describe your issue in as much detail as possible:

Describe what you expected should happen and what did happen. Please link any large code pastes as a Github Gist

While debugging crashes on openSUSE Tumbleweed I see:

RSA_new is called in the "steam" binary, which likely links against a static build of openssl.
Later on from steamclient.so RSA_free() is called dynamically.

The RSA_new in "steam" itself is in an libcrypto without ENGINE support, the dynamic distribution libraries are however build with ENGINE support.

This RSA_new leads to the RSA struct having an uninitialized "engine" member, which is however accessed by the dynamic library and lead to crashes.

Steps for reproducing this issue:

[msmeissn]

i sent openssl this kind of pull request openssl/openssl#1539
which could be locally applied by the steam devs too.

[GreatBigWhiteWorld]

So will this be fixed by some one?

[boombatower]

Thanks @msmeissn!

This fix released in openSUSE Tumbleweed 20160924 and confirmed to work. Would be nice to see Valve take advantage of the work done here to fix and thus solve for all distros.

[kisak-valve]

Hello @msmeissn, are you still experiencing this issue on an up to date system?

Mesa 17.0 imported an SHA-1 implementation for shader caching, which should have removed the main factor that caused users to encounter the crashes related to this issue.

[msmeissn]

I am not using it, i was just reporting a problem by one of our users at that time.

For me it can be closed.