The C++ library, Crypto++, has an amazing array of crypto routines, including stream cyphers, block ciphers, message authentication codes, hash functions, public-key cryptography, elliptic curve cryptopgraphy, as well as hold-over insecure and obsolescent algorithms.
I'm using the library for a relatively simple task of using SHA-1 hashing on user
passwords for a variety of software applications I'm in the midst of writing: blog
routines, IP addressing documentation, and network management.
In the readme file in the archive is a couple of paragraphs I found as succinct
descriptions of what to do in contstructors with C++ references and pointers:
1. If a constructor for A takes a pointer to an object B (except primitive
types such as int and char), then A owns B and will delete B at A's
destruction. If a constructor for A takes a reference to an object B,
then the caller retains ownership of B and should not destroy it until
A no longer needs it.
2. Crypto++ is thread safe at the class level. This means you can use
Crypto++ safely in a multithreaded application, but you must provide
synchronization when multiple threads access a common Crypto++ object.
The first paragraph talks about constructors, the relationship of who does garbage
collection, and a clue as to when pointers whould be used and when references should be
used. The second paragraph, is, really, a kind of throw away, in terms of multithreading
practices, but at least it is honest with what it can do.