[fpc-pascal] constructor "guarantee" and other behavioural stuff

Pierce Ng pierce at samadhiweb.com
Tue Jan 19 14:31:01 CET 2016

Hi all,

I last used Pascal in school a long long time ago. Just discovered Free Pascal.

I have the following:

    TNonceBytes = array[1..8] of byte;

    TNonce = class
        pn: TNonceBytes;
        filled: boolean;
        constructor create; overload;

  constructor TNonce.create;
    randombytes(pn, 8);
    filled := true;

Is "filled" necessary, or does the compiler guarantee that my overloaded
constructor is called to fill "pn" with "real crypto" random bytes? I'd imagine
that, if randombytes() isn't called, the content of pn might be whatever that
happens to be in the memory that was allocated. By eyeballing, I won't be able
to tell, but cryptographically it'll be catastrophic if pn contains
random-looking but possibly predictable data.

On a related note, if I keep "filled" as an instance variable but leave the
line "filled := true" out from the constructor, what is filled's value
after the constructor is done?

Finally, remembering my programming languages course from my CS undergrad days,
in the following, are TNonce and TNonceBytes allocated on the stack or from the
heap, and should I care, given that, in this case, I am writing a
security-sensitive program?

  procedure encrypt(ptext: TByteArray, var ctext: TByteArray);
    n: TNonce;
    n := TNonce.create;
    ... whatever ...

Thanks. Cheers.


More information about the fpc-pascal mailing list