electron: Crash while doing setPrivateKey on ECDH

  • Output of node_modules/.bin/electron --version: v4.0.1
  • Operating System (Platform and Version): Windows 10 1809 (64 bit)
  • Output of node_modules/.bin/electron --version on last known working Electron version (if applicable): v3.1.1

Expected Behavior

Shouldn’t crash 😃

Actual behavior

Electron crashes (half of it, I mean the process is still going on at almost 100% CPU, in background)

To Reproduce

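  const crypto = require('crypto');

  // privateKey: base64-encoded private key string (value not included in the report)
  const dh = crypto.createECDH('prime256v1');
  console.log("step1");
  dh.setPrivateKey(privateKey, 'base64');
  console.log("step2");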

Additional Information

It works with electron 3.1.1, but not 4.0.1. Maybe an update of Node could fix the issue.

About this issue

  • State: closed
  • Created 5 years ago
  • Comments: 16 (6 by maintainers)

Most upvoted comments

@chevonc should go out in the next releases of 4.x and 5.x-beta.

Thank you so much @nornagon 😃 I wish I’d known how to fix it myself; I learnt a little bit about how Electron uses patches. Thanks!

I did a little more digging and it looks like the culprit is actually this in node_crypto.cc:

  // To avoid inconsistency, clear the current public key in-case computing
  // the new one fails for some reason.
  EC_KEY_set_public_key(ecdh->key_.get(), nullptr);

The BoringSSL implementation of that function expects the key to be non-null.

@jamesb3ll not sure if this is applicable here, but you posted a workaround on another repo’s thread. Adding here for context. cc @codebytere

..calling `crypto.createECDH(...).setPrivateKey` is making Electron crash. I replaced `crypto.createECDH` with [`create-ecdh`](https://github.com/crypto-browserify/createECDH/blob/master/browser.js) module in [`decrypt.js`](https://github.com/MatthieuLemoine/push-receiver/blob/master/src/utils/decrypt/index.js#L12) and it works as expected without crashes. Let's hope Electron fixes this soon..

Sadly this workaround doesn’t seem to work for me @v5.0.0-beta.3… Crashes with a malloc error. Any other ideas? This bug is currently keeping me back quite a bit @chevonc @codebytere.

The last working release I could find on npm was v4.0.0-nightly.20180821
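
A guarded version of the reproduction in this issue, as an added example that is not part of the original thread or of Electron's code: it runs the `setPrivateKey` call in a child process with a timeout, so a native crash or a spinning process is reported instead of taking the caller down, and it checks that the derived public key matches. The helper names, the 5-second timeout, the locally generated sample key and the use of `ELECTRON_RUN_AS_NODE` are assumptions.

```javascript
const crypto = require('crypto');
const { spawnSync } = require('child_process');

// Constructed sample input: a throwaway P-256 key pair generated locally.
// The key from the report is not shown on the page.
function makeSampleKey() {
  const ref = crypto.createECDH('prime256v1');
  ref.generateKeys();
  return {
    privateKey: ref.getPrivateKey('base64'),
    publicKey: ref.getPublicKey('base64'),
  };
}

// Child script: the calls from the report. The key arrives on stdin so it
// never appears in the process argument list.
const CHILD_SCRIPT = `
const crypto = require('crypto');
const key = require('fs').readFileSync(0, 'utf8');
const dh = crypto.createECDH('prime256v1');
dh.setPrivateKey(key, 'base64');
process.stdout.write(dh.getPublicKey('base64'));
`;

// Hypothetical helper: run the call in a separate process and classify the outcome.
function probeSetPrivateKey(privateKeyB64, timeoutMs = 5000) {
  const res = spawnSync(process.execPath, ['-e', CHILD_SCRIPT], {
    input: privateKeyB64,
    encoding: 'utf8',
    timeout: timeoutMs, // the report describes a process left spinning at ~100% CPU
    // Assumption: when execPath is an Electron binary, this runs it as plain Node.
    env: { ...process.env, ELECTRON_RUN_AS_NODE: '1' },
  });
  if (res.error) return { ok: false, reason: res.error.code || res.error.message };
  if (res.signal) return { ok: false, reason: `killed by ${res.signal}` };
  if (res.status !== 0) return { ok: false, reason: `exit ${res.status}` };
  return { ok: true, publicKey: res.stdout };
}

// Hypothetical helper: a healthy runtime survives the call and derives the
// public key that matches the private key it was given.
function checkRuntime() {
  const sample = makeSampleKey();
  const result = probeSetPrivateKey(sample.privateKey);
  return { ...result, consistent: result.ok && result.publicKey === sample.publicKey };
}
```

Calling `checkRuntime()` at startup or in CI gives a pass/fail signal for the runtime's ECDH path before any real key material is handled in the main process.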