Hi, I'd like to report a bug in the TECCEncSign component. You can reproduce it with your own CryptoDemo:
The Verify button triggers the "the signature is not valid" error. Any idea to fix? Tha...
I found a possible workaround.
Near line 387 in ECCObj.pas, replace with
  if outPutFormat <> raw then begin
    privateKeySender := conv.StringToTBytes(conv.FormatToChar(FPrivateKey));
    publicKeySender := conv.StringToTBytes(conv.FormatToChar(FPublicKey));
  end
  else begin
    privateKeySender := conv.StringToTBytes(FPrivateKey);
    publicKeySender := conv.StringToTBytes(FPublicKey);
  end;
Can you please confirm?
Another bug report:
I also got several access violation errors when the app is closed (including the CryptoDemo) with ECC used. Tracking down the problem, I searched for possible memory corruption.
There are indeed some buffer overflows in 6 locations across Sign, SignNaCl, Verify, and VerifyNaCl functions. The loop is iterating using lenbuffer - 1 instead of len - 1, reading beyond the end of inputBuffer in Ed25519.pas.
And in ECCObj.pas in the Destroy method, should inherited; not be moved to the end?
  destructor TECCEncSign.Destroy;
  begin
    FPublicKey := StringOfChar(#0, Length(FPublicKey));
    SetLength(FPublicKey, 0);
    FPrivateKey := StringOfChar(#0, Length(FPrivateKey));
    SetLength(FPrivateKey, 0);
    if FCurve <> nil then
      FreeAndNil(FCurve);
    inherited;
  end;
I hope this will be useful
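The loop-bound mistake described in the post above, as an added Delphi illustration (not code from Ed25519.pas or the library; CopyIntoWorkBuffer and its parameters are hypothetical and the sample bytes are constructed). With range checking enabled, the read past inputBuffer raises ERangeError instead of silently touching adjacent memory.

```pascal
program BoundedCopyDemo;
{$APPTYPE CONSOLE}
{$R+} // range checking: an out-of-bounds index raises ERangeError

uses
  SysUtils;

// Hypothetical helper: copies a message into a larger, zero-padded work buffer.
// UseBufferLength = True reproduces the reported pattern (bound = lenbuffer - 1);
// False bounds the loop by the input length (len - 1).
function CopyIntoWorkBuffer(const inputBuffer: TBytes; lenbuffer: Integer;
  UseBufferLength: Boolean): TBytes;
var
  i, len, last: Integer;
begin
  len := Length(inputBuffer);
  if lenbuffer < len then
    raise EArgumentException.Create('work buffer smaller than input');
  Result := nil;
  SetLength(Result, lenbuffer);   // new elements are zero-initialised
  if UseBufferLength then
    last := lenbuffer - 1
  else
    last := len - 1;
  for i := 0 to last do
    Result[i] := inputBuffer[i];  // any i >= len is outside inputBuffer
end;

var
  msg, work: TBytes;
begin
  SetLength(msg, 4);              // constructed sample input, len = 4
  msg[0] := 1; msg[1] := 2; msg[2] := 3; msg[3] := 4;

  work := CopyIntoWorkBuffer(msg, 64, False);
  Writeln('bounded by len: copied ', Length(msg), ' of ', Length(work), ' bytes');

  try
    work := CopyIntoWorkBuffer(msg, 64, True);
    Writeln('bounded by lenbuffer: no error raised (range checks disabled?)');
  except
    on E: ERangeError do
      Writeln('bounded by lenbuffer: ERangeError, read went past inputBuffer');
  end;
end.
```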
Hi, thanks for the corrections and suggestions.
9 times out of ten, the issue is with a conversion.
Yes, that's why I could suggest some fix. Conversion is easier to understand than cryptography.
All issues fixed. Thanks!