Ugochukwu Mmaduekwe 2 недель назад
Родитель
Сommit
d42849dcb4

+ 19 - 8
CryptoLib.Tests/src/Asn1/X509/DeltaCertificateTests.pas

@@ -202,6 +202,7 @@ var
   LDeltaExt: IX509Extension;
   LRsaKgParams: IRsaKeyGenerationParameters;
   LSignerA, LSignerB: ISignatureFactory;
+  LIssuerDN, LSubjectDN: IX509Name;
 begin
   LRsaKpg := TGeneratorUtilities.GetKeyPairGenerator('RSA');
   LRsaKgParams := TRsaKeyGenerationParameters.Create(TBigInteger.ValueOf(65537), FSecureRandom, 2048, 80);
@@ -210,11 +211,13 @@ begin
   LBaseKp := LRsaKpg.GenerateKeyPair();
 
   LDeltaBldr := TX509V3CertificateGenerator.Create;
-  LDeltaBldr.SetIssuerDN(TX509Name.Create('CN=Issuer') as IX509Name);
+  LIssuerDN := TX509Name.Create('CN=Issuer');
+  LDeltaBldr.SetIssuerDN(LIssuerDN);
   LDeltaBldr.SetSerialNumber(TBigInteger.One);
   LDeltaBldr.SetNotBefore(Now);
   LDeltaBldr.SetNotAfter(IncYear(Now, 1));
-  LDeltaBldr.SetSubjectDN(TX509Name.Create('CN=Subject') as IX509Name);
+  LSubjectDN := TX509Name.Create('CN=Subject');
+  LDeltaBldr.SetSubjectDN(LSubjectDN);
   LDeltaBldr.SetPublicKey(LDeltaKp.Public);
   LSignerA := TAsn1SignatureFactory.Create('SHA256withRSA', LDeltaKp.Private);
   LDeltaCert := LDeltaBldr.Generate(LSignerA);
@@ -222,11 +225,13 @@ begin
   LDeltaExt := TDeltaCertificateTool.CreateDeltaCertificateExtension(False, LDeltaCert);
 
   LBaseBldr := TX509V3CertificateGenerator.Create;
-  LBaseBldr.SetIssuerDN(TX509Name.Create('CN=Issuer') as IX509Name);
+  LIssuerDN := TX509Name.Create('CN=Issuer');
+  LBaseBldr.SetIssuerDN(LIssuerDN);
   LBaseBldr.SetSerialNumber(TBigInteger.Two);
   LBaseBldr.SetNotBefore(Now);
   LBaseBldr.SetNotAfter(IncYear(Now, 1));
-  LBaseBldr.SetSubjectDN(TX509Name.Create('CN=Subject') as IX509Name);
+  LSubjectDN := TX509Name.Create('CN=Subject');
+  LBaseBldr.SetSubjectDN(LSubjectDN);
   LBaseBldr.SetPublicKey(LBaseKp.Public);
   LBaseBldr.AddExtension(TX509Extensions.DraftDeltaCertificateDescriptor, LDeltaExt);
   LSignerB := TAsn1SignatureFactory.Create('SHA256withRSA', LBaseKp.Private);
@@ -250,6 +255,8 @@ var
   LDeltaCert, LChameleonCert, LExDeltaCert: IX509Certificate;
   LDeltaExt: IX509Extension;
   LDeltaCertDesc: IDeltaCertificateDescriptor;
+  LIssuerDN1, LIssuerDN2: IX509Name;
+  LBasicConstraints1, LBasicConstraints2: IBasicConstraints;
 begin
   LSubject := TX509Name.Create('CN=Test Subject');
 
@@ -271,22 +278,26 @@ begin
   LNotAfter := IncHour(Now, 1);
 
   LBldr := TX509V3CertificateGenerator.Create;
-  LBldr.SetIssuerDN(TX509Name.Create('CN=Chameleon CA 1') as IX509Name);
+  LIssuerDN1 := TX509Name.Create('CN=Chameleon CA 1');
+  LBldr.SetIssuerDN(LIssuerDN1);
   LBldr.SetSerialNumber(TBigInteger.ValueOf(1000));
   LBldr.SetNotBefore(LNotBefore);
   LBldr.SetNotAfter(LNotAfter);
   LBldr.SetSubjectDN(LSubject);
   LBldr.SetPublicKey(LKpA.Public);
-  LBldr.AddExtension(TX509Extensions.BasicConstraints, True, TBasicConstraints.Create(False) as IBasicConstraints);
+  LBasicConstraints1 := TBasicConstraints.Create(False);
+  LBldr.AddExtension(TX509Extensions.BasicConstraints, True, LBasicConstraints1);
 
   LDeltaBldr := TX509V3CertificateGenerator.Create;
-  LDeltaBldr.SetIssuerDN(TX509Name.Create('CN=Chameleon CA 2') as IX509Name);
+  LIssuerDN2 := TX509Name.Create('CN=Chameleon CA 2');
+  LDeltaBldr.SetIssuerDN(LIssuerDN2);
   LDeltaBldr.SetSerialNumber(TBigInteger.ValueOf(1001));
   LDeltaBldr.SetNotBefore(LNotBefore);
   LDeltaBldr.SetNotAfter(LNotAfter);
   LDeltaBldr.SetSubjectDN(LSubject);
   LDeltaBldr.SetPublicKey(LKpB.Public);
-  LDeltaBldr.AddExtension(TX509Extensions.BasicConstraints, True, TBasicConstraints.Create(False) as IBasicConstraints);
+  LBasicConstraints2 := TBasicConstraints.Create(False);
+  LDeltaBldr.AddExtension(TX509Extensions.BasicConstraints, True, LBasicConstraints2);
   LDeltaCert := LDeltaBldr.Generate(LSignerB);
 
   LDeltaExt := TDeltaCertificateTool.CreateDeltaCertificateExtension(False, LDeltaCert);
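Review bot: `LIssuerDN` and `LSubjectDN` are assigned a second time before the `LBaseBldr` calls with exactly the values they already hold (`'CN=Issuer'` and `'CN=Subject'`), so the second pair of `TX509Name.Create` calls is redundant. `LBaseBldr.SetIssuerDN(LIssuerDN);` and `LBaseBldr.SetSubjectDN(LSubjectDN);` can reuse the existing references. The same applies in the chameleon test to `LBasicConstraints1` and `LBasicConstraints2`, which are both `TBasicConstraints.Create(False)`. If the separate instances are deliberate, a one-line comment saying so would prevent a later clean-up from merging them. Both test bodies start and end outside the hunks shown.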

+ 3 - 3
CryptoLib/src/Crypto/Randoms/ClpSecureRandom.pas

@@ -25,10 +25,10 @@ uses
   Math,
   SyncObjs,
   SysUtils,
-  StrUtils,
+  DateUtils,
   ClpBits,
   ClpCryptoLibTypes,
-  ClpTimes,
+  ClpDateTimeUtilities,
   ClpIDigest,
   ClpIRandomGenerator,
   ClpRandom,
@@ -320,7 +320,7 @@ begin
   if FLock = nil then
   begin
     FLock := TCriticalSection.Create;
-    FCounter := TTimes.NanoTime();
+    FCounter := TDateTimeUtilities.DateTimeToTicks(TTimeZone.Local.ToUniversalTime(Now));
     FMaster := TSecureRandom.Create(TCryptoApiRandomGenerator.Create()
       as ICryptoApiRandomGenerator);
     FDoubleScale := Power(2.0, 64.0);
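Review bot: The new seed for `FCounter` comes from the wall clock at millisecond granularity, so anyone who knows roughly when the process started can guess it. It is presumably also coarser than the `TTimes.NanoTime()` value it replaces. `DateTimeToTicks`, added in this same commit, multiplies a millisecond count by 10,000, so two processes initialised within the same millisecond start from the same counter value. That is acceptable only if `FCounter` is purely a uniqueness counter and all entropy comes from `FMaster`. The rest of this routine and the uses of `FCounter` are outside the hunk, so this should be confirmed and recorded next to the assignment, for example `// FCounter is a nonce, not an entropy source; seed entropy comes from FMaster`.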

+ 5 - 4
CryptoLib/src/Factories/ClpSubjectPublicKeyInfoFactory.pas

@@ -37,8 +37,9 @@ uses
   ClpPkcsObjectIdentifiers,
   ClpX9ObjectIdentifiers,
   ClpEdECObjectIdentifiers,
-  ClpIDsaParameters,
+  ClpIDsaParameter,
   ClpDsaParameter,
+  ClpIDsaParameters,
   ClpX9Asn1Objects,
   ClpIX9Asn1Objects,
   ClpX9ECParameters,
@@ -85,7 +86,7 @@ begin
   if Supports(APublicKey, IRsaKeyParameters, LRsaKey) then
   begin
     LAlgID := TAlgorithmIdentifier.Create(TPkcsObjectIdentifiers.RsaEncryption, TDerNull.Instance);
-    Result := TSubjectPublicKeyInfo.Create(LAlgID, TRsaPublicKeyStructure.Create(LRsaKey.Modulus, LRsaKey.Exponent));
+    Result := TSubjectPublicKeyInfo.Create(LAlgID, TRsaPublicKeyStructure.Create(LRsaKey.Modulus, LRsaKey.Exponent) as IRsaPublicKeyStructure);
     Exit;
   end;
 
@@ -95,8 +96,8 @@ begin
     if LKp = nil then
       raise EArgumentCryptoLibException.Create('DSA public key requires parameters.');
     LAlgID := TAlgorithmIdentifier.Create(TX9ObjectIdentifiers.IdDsa,
-      TDsaParameter.Create(LKp.p, LKp.q, LKp.g));
-    Result := TSubjectPublicKeyInfo.Create(LAlgID, TDerInteger.Create(LDsaKey.y));
+      TDsaParameter.Create(LKp.p, LKp.q, LKp.g) as IDsaParameter);
+    Result := TSubjectPublicKeyInfo.Create(LAlgID, TDerInteger.Create(LDsaKey.y) as IDerInteger);
     Exit;
   end;
 

+ 47 - 0
CryptoLib/src/GeneralUtilities/ClpDateTimeUtilities.pas

@@ -235,6 +235,20 @@ type
     /// </summary>
     class function CurrentUnixMs(): Int64; static;
 
+    /// <summary>
+    /// Return the number of ticks (100-nanosecond intervals) since January 1, 0001 12:00am for a given DateTime value.
+    /// </summary>
+    /// <param name="ADateTime">A DateTime value.</param>
+    /// <returns>Number of 100-nanosecond intervals since January 1, 0001 12:00am.</returns>
+    class function DateTimeToTicks(const ADateTime: TDateTime): Int64; static;
+
+    /// <summary>
+    /// Create a DateTime value from the number of ticks (100-nanosecond intervals) since January 1, 0001 12:00am.
+    /// </summary>
+    /// <param name="ATicks">Number of 100-nanosecond intervals since January 1, 0001 12:00am.</param>
+    /// <returns>A DateTime value</returns>
+    class function TicksToDateTime(const ATicks: Int64): TDateTime; static;
+
     /// <summary>
     /// Round DateTime to centisecond precision (10 milliseconds).
     /// </summary>
@@ -583,6 +597,39 @@ begin
   Result := DateTimeToUnixMs(TTimeZone.Local.ToUniversalTime(Now));
 end;
 
+class function TDateTimeUtilities.DateTimeToTicks(const ADateTime: TDateTime): Int64;
+var
+  LEpoch: TDateTime;
+  LMsSinceEpoch: Int64;
+begin
+  // Epoch: January 1, 0001 12:00am
+  LEpoch := EncodeDateTime(1, 1, 1, 0, 0, 0, 0);
+  
+  // Calculate milliseconds since epoch (preserving sign)
+  if ADateTime >= LEpoch then
+    LMsSinceEpoch := MilliSecondsBetween(ADateTime, LEpoch)
+  else
+    LMsSinceEpoch := -MilliSecondsBetween(ADateTime, LEpoch);
+  
+  // Convert milliseconds to ticks (1 millisecond = 10,000 ticks)
+  Result := LMsSinceEpoch * Int64(10000);
+end;
+
+class function TDateTimeUtilities.TicksToDateTime(const ATicks: Int64): TDateTime;
+var
+  LEpoch: TDateTime;
+  LMsSinceEpoch: Int64;
+begin
+  // Epoch: January 1, 0001 12:00am
+  LEpoch := EncodeDateTime(1, 1, 1, 0, 0, 0, 0);
+  
+  // Convert ticks to milliseconds (1 millisecond = 10,000 ticks)
+  LMsSinceEpoch := ATicks div Int64(10000);
+  
+  // Add milliseconds to epoch to get the DateTime
+  Result := IncMilliSecond(LEpoch, LMsSinceEpoch);
+end;
+
 class function TDateTimeUtilities.WithPrecisionCentisecond(const ADateTime: TDateTime): TDateTime;
 var
   LMs: Int64;
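Review bot: The doc comments on `DateTimeToTicks` and `TicksToDateTime` promise 100-nanosecond ticks, but both implementations work at millisecond resolution. `DateTimeToTicks` returns `LMsSinceEpoch * Int64(10000)`, so its result is always a multiple of 10,000, and `TicksToDateTime` discards the sub-millisecond remainder with `ATicks div Int64(10000)`. The summaries should say so, for example `/// Resolution is one millisecond; the returned value is always a multiple of 10,000.`, because this commit already uses the value to seed a counter in `ClpSecureRandom.pas`. `TicksToDateTime` also passes any `ATicks` straight to `IncMilliSecond` without a range check, so a negative or very large input can produce a `TDateTime` outside the range `EncodeDateTime` accepts. A guard that raises `EArgumentCryptoLibException` for out-of-range input would make that failure explicit.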

+ 3 - 3
CryptoLib/src/X509/ClpX509Certificate.pas

@@ -800,7 +800,7 @@ end;
 
 function TX509Certificate.IsSignatureValid(const AKey: IAsymmetricKeyParameter): Boolean;
 begin
-  Result := CheckSignatureValid(TAsn1VerifierFactory.Create(FCertificateStructure.SignatureAlgorithm, AKey));
+  Result := CheckSignatureValid(TAsn1VerifierFactory.Create(FCertificateStructure.SignatureAlgorithm, AKey) as IVerifierFactory);
 end;
 
 function TX509Certificate.IsSignatureValid(const AVerifierProvider: IVerifierFactoryProvider): Boolean;
@@ -810,7 +810,7 @@ end;
 
 function TX509Certificate.IsAlternativeSignatureValid(const APublicKey: IAsymmetricKeyParameter): Boolean;
 begin
-  Result := IsAlternativeSignatureValid(TAsn1VerifierFactoryProvider.Create(APublicKey));
+  Result := IsAlternativeSignatureValid(TAsn1VerifierFactoryProvider.Create(APublicKey) as IVerifierFactoryProvider);
 end;
 
 function TX509Certificate.IsAlternativeSignatureValid(const AVerifierProvider: IVerifierFactoryProvider): Boolean;
@@ -847,7 +847,7 @@ begin
     LTagged := TDerTaggedObject.Create(True, 3, LExtensions.ToAsn1ObjectTrimmed());
   LV.Add(LTagged);
 
-  Result := TX509Utilities.VerifySignature(LVerifier, TDerSequence.Create(LV), LAltSigValue.Signature);
+  Result := TX509Utilities.VerifySignature(LVerifier, TDerSequence.Create(LV) as IDerSequence, LAltSigValue.Signature);
 end;
 
 procedure TX509Certificate.Verify(const AKey: IAsymmetricKeyParameter);

+ 7 - 7
CryptoLib/src/X509/ClpX509V3CertificateGenerator.pas

@@ -177,7 +177,7 @@ procedure TX509V3CertificateGenerator.SetSerialNumber(const ASerialNumber: TBigI
 begin
   if ASerialNumber.SignValue <= 0 then
     raise EArgumentCryptoLibException.Create('serial number must be a positive integer');
-  FTbsGen.SetSerialNumber(TDerInteger.Create(ASerialNumber));
+  FTbsGen.SetSerialNumber(TDerInteger.Create(ASerialNumber) as IDerInteger);
 end;
 
 procedure TX509V3CertificateGenerator.SetIssuerDN(const AIssuer: IX509Name);
@@ -192,12 +192,12 @@ end;
 
 procedure TX509V3CertificateGenerator.SetNotBefore(const ADate: TDateTime);
 begin
-  FTbsGen.SetStartDate(TTime.Create(ADate));
+  FTbsGen.SetStartDate(TTime.Create(ADate) as ITime);
 end;
 
 procedure TX509V3CertificateGenerator.SetNotAfter(const ADate: TDateTime);
 begin
-  FTbsGen.SetEndDate(TTime.Create(ADate));
+  FTbsGen.SetEndDate(TTime.Create(ADate) as ITime);
 end;
 
 procedure TX509V3CertificateGenerator.SetSubjectDN(const ASubject: IX509Name);
@@ -208,7 +208,7 @@ end;
 procedure TX509V3CertificateGenerator.SetPublicKey(const APublicKey: IAsymmetricKeyParameter);
 begin
   FTbsGen.SetSubjectPublicKeyInfo(
-    TSubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(APublicKey));
+    TSubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(APublicKey) as ISubjectPublicKeyInfo);
 end;
 
 procedure TX509V3CertificateGenerator.SetSubjectPublicKeyInfo(const APubKeyInfo: ISubjectPublicKeyInfo);
@@ -229,7 +229,7 @@ end;
 procedure TX509V3CertificateGenerator.AddExtension(const AOid: String;
   ACritical: Boolean; const AExtValue: IAsn1Encodable);
 begin
-  AddExtension(TDerObjectIdentifier.Create(AOid), ACritical, AExtValue);
+  AddExtension(TDerObjectIdentifier.Create(AOid) as IDerObjectIdentifier, ACritical, AExtValue);
 end;
 
 procedure TX509V3CertificateGenerator.AddExtension(const AOid: IDerObjectIdentifier;
@@ -241,7 +241,7 @@ end;
 procedure TX509V3CertificateGenerator.AddExtension(const AOid: String;
   ACritical: Boolean; const AExtValue: IAsn1Convertible);
 begin
-  AddExtension(TDerObjectIdentifier.Create(AOid), ACritical, AExtValue);
+  AddExtension(TDerObjectIdentifier.Create(AOid) as IDerObjectIdentifier, ACritical, AExtValue);
 end;
 
 procedure TX509V3CertificateGenerator.AddExtension(const AOid: IDerObjectIdentifier;
@@ -253,7 +253,7 @@ end;
 procedure TX509V3CertificateGenerator.AddExtension(const AOid: String;
   ACritical: Boolean; const AExtValue: TCryptoLibByteArray);
 begin
-  AddExtension(TDerObjectIdentifier.Create(AOid), ACritical, AExtValue);
+  AddExtension(TDerObjectIdentifier.Create(AOid) as IDerObjectIdentifier, ACritical, AExtValue);
 end;
 
 procedure TX509V3CertificateGenerator.AddExtension(const AOid: IDerObjectIdentifier;
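Review bot: In `SetPublicKey` the added `as ISubjectPublicKeyInfo` is applied to the result of a factory call rather than to a constructor, unlike every other cast in this file. The return type of `CreateSubjectPublicKeyInfo` is not visible in this hunk, but the factory section of this commit assigns `TSubjectPublicKeyInfo.Create(...)` to `Result`, which suggests it already returns the interface. If so, the cast only adds a runtime interface query, and the original `FTbsGen.SetSubjectPublicKeyInfo(TSubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(APublicKey));` can stay. The constructor casts such as `TDerInteger.Create(ASerialNumber) as IDerInteger` are a different case and look consistent with the rest of the commit.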