Hello, these _s functions are not so much safer than the standard ones. Using them makes just MSVC happy.

Regards,
Libor

On 2019-11-26 12:07, Raja ashok wrote:
> Hi All,
>
> We are using OpenSSL in our projects and we found some of the C standard
> functions (like memcpy, strcpy) used in OpenSSL may induce security
> vulnerabilities like buffer overflow. Currently we have not found any
> instances which cause such issues.
>
> But we feel better to change these calls to C11 standard's secure functions
> like memcpy_s, strcpy_s etc. By defining a secure calls method (list of func
> pointers) and allowing application to register the method. I understand that
> this affects performance because of return value check added for xxxx_s
> calls, but this will make sure it removes buffer overflow kind of issues
> completely from code. And also currently using secure c calls is a general
> industry practice.
>
> Please share your opinion on it, and if any discussion happened in OpenSSL
> community to do this change in future.
>
> Thanks in advance.
>
> Raja Ashok