Secure Communication Module User's Guide

4.4 Initializing the Secure Sockets Package

Your application must initialize the cryptographic library before calling it and must terminate it immediately after the last cryptographic call. The initialization and termination functions allocate and free resources used by the cryptographic library. RWSecureSocketPackageInit encapsulates these initialization and termination functions in its constructor and destructor.


Because the instance of RWSecureSocketPackageInit must be active during all calls to the Secure Sockets package, we recommend that you create a global instance of RWSecureSocketPackageInit. Also, refrain from using Secure Sockets package functions in the constructors of other global objects.

If you do not have any global objects that require the Secure Sockets package during their construction, you can instantiate RWSecureSocketPackageInit in your main() function. See the examples in Section 4.1, "Getting Started with Secure Sockets."

4.4.1 Seeding the Random Number Generator

Random numbers are critical to the functioning of the SSL/TLS protocol. A random number is used as a key for the symmetric cipher, which is used to encrypt the application's data.

Truly random numbers are hard to generate, so pseudo-random numbers are used instead. Pseudo-random numbers are obtained from a pseudo-random number generator (PRNG), which is supplied by the cryptographic library. PRNGs need one starting value, called the seed, in order to generate pseudo-random numbers. Setting this initial value in the PRNG is known as seeding the PRNG.

Explicitly seeding the pseudo-random number generator is not necessary for OpenSSL on Linux or any platform that has a /dev/urandom device; the random seed is read from that device automatically.

The PRNG can be seeded from a file, directly from memory, or, if you are using Microsoft Windows, from the pixels on the screen.


The more unpredictable the seed, the better. If someone guesses the seed, they can put it into the PRNG and generate the same pseudo-random numbers that you did, which foils any security that you have. See RFC 1750 (available at: www.ietf.org) for information about seeding random number generators.

If the macro RW_SECSOCK_RNG_NEEDS_SEEDING is defined, you must seed the PRNG using either the constructors or static functions in RWSecureSocketPackageInit. If your application fails to seed the PRNG when it is needed, an exception is thrown. See the SourcePro C++ API Reference Guide for more information.

4.4.2 Global Objects and the Secure Sockets Package Initialization

If your application uses global objects whose constructors require access to the Secure Sockets package, you must instantiate RWSecureSocketPackageInit before you construct the other global objects.

If the global objects that call the Secure Sockets package functions in their constructors are in the same translation unit, put the instantiation of RWSecureSocketPackageInit before all of the other definitions.

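If these global objects are in different translation units, you face the C++ problem known as the "static initialization order fiasco": the language does not define the order in which global objects in different translation units are constructed. For more information, consult a C++ reference, such as C++ FAQs by Marshall Cline.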
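
The ordering problem and the construct-on-first-use remedy, as an added example that is not Rogue Wave code. `PackageInitStandIn` is a hypothetical, reference-counted stand-in for RWSecureSocketPackageInit, and `ensurePackageInit`, `NaiveClient` and `SafeClient` are illustrative names; the definition order in this single file imitates an unlucky construction order across translation units.

```cpp
#include <iostream>

// Hypothetical stand-in for RWSecureSocketPackageInit (not the Rogue Wave class):
// the constructor initializes the library and the destructor terminates it.
// Assumption: instances are reference counted, so more than one may exist.
struct PackageInitStandIn {
    static int& refs() { static int n = 0; return n; }
    static bool active() { return refs() > 0; }
    PackageInitStandIn()  { ++refs(); }
    ~PackageInitStandIn() { --refs(); }
};

// Construct on first use: the function-local static is built the first time
// this is called, whichever translation unit calls it. It is destroyed after
// any global whose constructor called it, so the library outlives that global.
PackageInitStandIn& ensurePackageInit() {
    static PackageInitStandIn init;
    return init;
}

// Relies on some other global initializer having been constructed already.
struct NaiveClient {
    bool libraryWasReady;
    NaiveClient() : libraryWasReady(PackageInitStandIn::active()) {}
};

// Forces initialization itself before touching the library.
struct SafeClient {
    bool libraryWasReady;
    SafeClient() : libraryWasReady(false) {
        ensurePackageInit();
        libraryWasReady = PackageInitStandIn::active();
    }
};

// Definition order here imitates an unlucky order across translation units:
// both clients are constructed before the global initializer.
NaiveClient g_naive;        // library not ready yet
SafeClient g_safe;          // ready, because its constructor asked for it
PackageInitStandIn g_init;  // the global instance, constructed too late

int main() {
    std::cout << std::boolalpha
              << "naive client saw library ready: " << g_naive.libraryWasReady << '\n'
              << "safe client saw library ready:  " << g_safe.libraryWasReady << '\n';
    return 0;
}
```

Whether the real RWSecureSocketPackageInit tolerates more than one live instance is not stated in this section, so check the API reference before combining a function-local instance with a global one.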




Copyright © Rogue Wave Software, Inc. All Rights Reserved.

The Rogue Wave name and logo, and SourcePro, are registered trademarks of Rogue Wave Software. All other trademarks are the property of their respective owners.