How to disable mbedtls on ESP-IDF

kysonlok
Posts: 1
Joined: Tue Nov 22, 2022 1:02 am

How to disable mbedtls on ESP-IDF

Postby kysonlok » Tue Nov 22, 2022 2:07 am

Hello,

I have a project with esp32s2. I have a static library which is provided by a vendor. The static library contains a modified mbedtls. When I link the static library into my IDF sample project, some mbedtls functions conflict with the mbedtls component.

So my question is: is there any way to disable the IDF mbedtls? If yes, what should I do? Thanks.

dizcza
Posts: 56
Joined: Tue Sep 07, 2021 6:59 pm

Re: How to disable mbedtls on ESP-IDF

Postby dizcza » Mon Mar 06, 2023 9:49 pm

+1

I'd also like to disable mbedtls for another reason: it takes up additional Flash and perhaps RAM resources. It looks impossible though: there is no such flag.

Seems like we're forced to use encrypted communication when no communication is needed.

ESP_Sprite
Posts: 9757
Joined: Thu Nov 26, 2015 4:08 am

Re: How to disable mbedtls on ESP-IDF

Postby ESP_Sprite » Wed Mar 08, 2023 12:58 am

Generally, if you don't link to mbedtls stuff anywhere, the linker will see it's not used and not include it in your binary. Do note, however, that various things like (iirc) BT and the WiFi stack do depend on mbedtls for their crypto needs, so if you use those, mbedtls will be included.

dizcza
Posts: 56
Joined: Tue Sep 07, 2021 6:59 pm

Re: How to disable mbedtls on ESP-IDF

Postby dizcza » Wed Mar 08, 2023 9:18 am

In some projects I need WiFi but the communication is within the local network only, so I don't need encryption.

The way I'm currently doing this is disabling each and every feature in mbedtls menuconfig:

# CONFIG_MBEDTLS_SSL_RENEGOTIATION is not set
# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS is not set
# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS is not set
# CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED is not set
# CONFIG_MBEDTLS_ECP_NIST_OPTIM is not set

Unfortunately, I cannot exclude all features as some headers complain that I must select at least one encryption algorithm.
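
An added example, not part of the original post: a small Python check that compares the mbedtls options in two sdkconfig files, to confirm which options a trimmed configuration like the one above turned off and which remain enabled. The sample file contents, `CONFIG_EXAMPLE_UNRELATED` and the function names are constructed for illustration.

```python
import re

# Matches "CONFIG_MBEDTLS_X=value" and "# CONFIG_MBEDTLS_X is not set".
SET_RE = re.compile(r"^(CONFIG_MBEDTLS_\w+)=(.*)$")
UNSET_RE = re.compile(r"^# (CONFIG_MBEDTLS_\w+) is not set$")

def parse_mbedtls(text):
    """Return {option: value}; value is None when the option is not set."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if m := SET_RE.match(line):
            value = m.group(2).strip('"')
            # sdkconfig.defaults files may spell "disabled" as =n
            opts[m.group(1)] = None if value == "n" else value
        elif m := UNSET_RE.match(line):
            opts[m.group(1)] = None
    return opts

def turned_off(baseline, trimmed):
    """Options enabled in baseline but unset or absent in trimmed."""
    return sorted(k for k, v in baseline.items()
                  if v is not None and trimmed.get(k) is None)

def still_enabled(trimmed):
    """mbedtls options that remain enabled after trimming."""
    return sorted(k for k, v in trimmed.items() if v is not None)

# Constructed sample inputs (not the poster's real files).
BASELINE = """\
CONFIG_MBEDTLS_TLS_ENABLED=y
CONFIG_MBEDTLS_AES_C=y
CONFIG_MBEDTLS_SSL_RENEGOTIATION=y
CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y
CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED=y
CONFIG_EXAMPLE_UNRELATED=y
"""
TRIMMED = """\
CONFIG_MBEDTLS_TLS_ENABLED=y
CONFIG_MBEDTLS_AES_C=y
# CONFIG_MBEDTLS_SSL_RENEGOTIATION is not set
# CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED is not set
CONFIG_EXAMPLE_UNRELATED=y
"""

if __name__ == "__main__":
    base, trim = parse_mbedtls(BASELINE), parse_mbedtls(TRIMMED)
    print("turned off:", *turned_off(base, trim), sep="\n  ")
    print("still enabled:", *still_enabled(trim), sep="\n  ")
```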

ESP_Sprite
Posts: 9757
Joined: Thu Nov 26, 2015 4:08 am

Re: How to disable mbedtls on ESP-IDF

Postby ESP_Sprite » Thu Mar 09, 2023 12:44 am

...you don't even need a password for your WiFi network? Because WPA uses encryption. But yeah, even if you were to only use open networks, I don't think the WiFi stack is configurable to not accept any encryption at all. You could create an mbedtls component in your project (which will override the ESP-IDF version) and simply code stub functions for everything that is needed, but I'm not sure what stuff will break if you'd do that.

dizcza
Posts: 56
Joined: Tue Sep 07, 2021 6:59 pm

Re: How to disable mbedtls on ESP-IDF

Postby dizcza » Thu Mar 09, 2023 7:43 am

Yeah I do use WPA connections, I didn't think of that. Well, at least I found the minimal working configuration of mbedtls that doesn't require tinkering with ESP-IDF components code.
