Hi Daiki,

> The functions provided by the read-file module are handy, but they are
> suboptimal for reading sensitive materials, because they do not clear
> the allocated memory blocks upon failure.
> ...
> It's tempting to make this behavior enabled by default, but I worry that
> it may cause any performance drawback.

Correct. For sensitive data, often different algorithms need to be used.
Explicit clearing of memory, avoiding algorithms whose running time depends
on the data, and possibly more.

> The attached patch adds a set of variants that deal with that.

Instead of doubling the number of functions of this header file, how about
adding a flags argument to the functions?

  #define RF_BINARY 0x1
  #define RF_SENSITIVE 0x2

  extern char *fread_file (FILE * stream, int flags, size_t * length);
  extern char *read_file (const char *filename, int flags, size_t * length);

This way, the public interface of this header file even shrinks to 2 functions.

Yes, this breaks source-code backward compatibility, but Gnulib policy allows
this [1], and the users will have an easy migration path: just add a zero
argument for the flags.

If you agree, I'd like to see two commits:
  1. the introduction of the flags and RF_BINARY,
  2. the RF_SENSITIVE flag.

Do you want me to code the first commit, or do you want to do it?

Bruno

[1] https://www.gnu.org/software/gnulib/manual/html_node/Steady-Development.html
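An added example, not gnulib's code nor Daiki's patch, sketching how the flags interface proposed above could honour RF_SENSITIVE: the reader zeroes every block that ever held file data, both the blocks abandoned while growing the buffer and the partial buffer on a failed read. The names fread_file_flags, wipe_memset, wipe_free and demo_read are assumptions, as is the volatile-memset wipe standing in for a proper explicit_bzero.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define RF_BINARY    0x1   /* would select "rb" in a read_file() wrapper over fopen */
#define RF_SENSITIVE 0x2   /* wipe every buffer that held file data before freeing it */

/* memset via a volatile pointer, so the wipe before free() is not dropped as a
   dead store (hypothetical stand-in for a proper explicit_bzero). */
static void *(*const volatile wipe_memset)(void *, int, size_t) = memset;
static void wipe_free(void *p, size_t n) { wipe_memset(p, 0, n); free(p); }

/* Read all of STREAM into a NUL-terminated heap buffer, byte count in *LENGTH.
   With RF_SENSITIVE, growth avoids realloc (it may leave a stale copy behind)
   and the partial buffer is zeroed on failure.  Returns NULL on failure. */
char *fread_file_flags(FILE *stream, int flags, size_t *length) {
    size_t alloc = 64, size = 0;
    char *buf = malloc(alloc), *bigger;
    if (buf == NULL) return NULL;
    for (;;) {
        size_t want = alloc - size - 1;
        size_t got = fread(buf + size, 1, want, stream);
        size += got;
        if (got < want) { if (ferror(stream)) goto fail; break; }   /* EOF */
        if (alloc > (size_t)-1 / 2) goto fail;    /* doubling would overflow */
        if (flags & RF_SENSITIVE) {
            if ((bigger = malloc(alloc * 2)) == NULL) goto fail;
            memcpy(bigger, buf, size);
            wipe_free(buf, alloc);                /* old copy of the secret: gone */
        } else if ((bigger = realloc(buf, alloc * 2)) == NULL) goto fail;
        buf = bigger; alloc *= 2;
    }
    buf[size] = '\0'; *length = size;
    return buf;
fail:
    if (flags & RF_SENSITIVE) wipe_free(buf, alloc); else free(buf);
    return NULL;
}

/* Demo: write N constructed 'x' bytes to a tmpfile and read them back with
   FLAGS; returns the byte count read, or -1 on failure or content mismatch. */
long demo_read(size_t n, int flags) {
    FILE *f = tmpfile(); if (f == NULL) return -1;
    for (size_t i = 0; i < n; i++) fputc('x', f);
    rewind(f);
    size_t len = 0; char *data = fread_file_flags(f, flags, &len);
    fclose(f); if (data == NULL) return -1;
    long result = (len == n && strspn(data, "x") == n) ? (long)n : -1;
    wipe_free(data, len + 1);                     /* caller clears its own copy */
    return result;
}
```

With 200 bytes the buffer grows twice, so the RF_SENSITIVE path wipes two abandoned blocks before the final one is returned.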