entropy_poll.c uses the filesystem but isn't guarded with `MBEDTLS_FS_IO`

[tom-cosgrove-arm]

Summary

In most of the library, all filesystem calls (fopen(), fread() and fclose()) are within #if defined(MBEDTLS_FS_IO) guards.

However, in entropy_poll.c there is a version of mbedtls_platform_entropy_poll() that uses the filesystem to access /dev/urandom that is not guarded by #if defined(MBEDTLS_FS_IO).

System information

Building on a Linux-type system, but with no filesystem.

Expected behavior

If MBEDTLS_FS_IO is not defined (and options that require it) there should be no filesystem calls made.

Actual behavior

entropy_poll.c:mbedtls_platform_entropy_poll() will try to fopen("/dev/urandom").

[gilles-peskine-arm]

A platform that has /dev/urandom is sufficiently Unix-like that we can expect it to have at least open() and friends. Can we expect it to have fopen() as well? Maybe a barebones Linux kernel without a standard libc?

In any case, if we keep the call to fopen, it should be guarded with MBEDTLS_FS_IO. The fact that it isn't may be considered a bug, or may be considered a limitation that we just assume that if you have Unixy stuff such as /dev/urandom, you definitely have more portable stuff such as fopen.

[tom-cosgrove-arm]

I look at it the other way round: if I say "I don't have MBEDTLS_FS_IO", then why is Mbed TLS trying to fopen("/dev/urandom")?