OpenSSL isn't the best example to use. Cryptographic code is quite challenging to write because it needs to factor in timing analysis attacks (via cache misses, branching with different execution times, etc). For this reason, use of normal programming approaches may be incorrect from a security standpoint.