Skip to content

Our public headers suppress MSVC warnings about “less secure” functions #10612

New issue
New issue
Open
Bug
Open
Our public headers suppress MSVC warnings about “less secure” functions#10612
Bug
Labels
bugsize-xsEstimated task size: extra small (a few hours at most)
@gilles-peskine-arm

Description

@gilles-peskine-arm
gilles-peskine-arm
opened on Feb 20, 2026

Since PolarSSL, our config header contains

#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
#endif

We do this because when we build the library, we want to be able to use some functions that MSVC doesn't like, such as fopen(). But we shouldn't impose this on third-party applications. Depending on whether you include system headers before or after an Mbed TLS or TF-PSA-Crypto header, you will or will not get a warning if you use a function that MSVC considers deprecated.

We should only define _CRT_SECURE_NO_DEPRECATE when building our own code, i.e. in common.h in 3.6 and in *_platform_requirements.h in 1.1/4.1.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugsize-xsEstimated task size: extra small (a few hours at most)

    Type

    Bug

    Projects

    Risks

    Status

    No status
    1.1/4.1 LTS planning

    Status

    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions