
How to disable mbedtls on ESP-IDF

Posted: Tue Nov 22, 2022 2:07 am
by kysonlok
Hello,

I have a project with esp32s2. I have a static library which is provided by a vendor. The static library contains a modified mbedtls. When I link the static library into my IDF sample project, some mbedtls functions conflict with the mbedtls component.

So my question is: is there any way to disable IDF mbedtls? If yes, what should I do? Thanks.

Re: How to disable mbedtls on ESP-IDF

Posted: Mon Mar 06, 2023 9:49 pm
by dizcza
+1

I'd also like to disable mbedtls for another reason: it takes up additional Flash and perhaps RAM resources. It looks impossible though: there is no such flag.

Seems like we're forced to use encrypted communication when no communication is needed.

Re: How to disable mbedtls on ESP-IDF

Posted: Wed Mar 08, 2023 12:58 am
by ESP_Sprite
Generally, if you don't link to mbedtls stuff anywhere, the linker will see it's not used and not include it in your binary. Do note, however, that various things like (iirc) BT and the WiFi stack do depend on mbedtls for their crypto needs, so if you use those, mbedtls will be included.

Re: How to disable mbedtls on ESP-IDF

Posted: Wed Mar 08, 2023 9:18 am
by dizcza
In some projects I need WiFi but the communication is within the local network only, so I don't need encryption.

The way I'm currently doing this is disabling each and every feature in mbedtls menuconfig:


# CONFIG_MBEDTLS_SSL_RENEGOTIATION is not set
# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS is not set
# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS is not set
# CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED is not set
# CONFIG_MBEDTLS_ECP_NIST_OPTIM is not set

Unfortunately, I cannot exclude all features as some headers complain that I must select at least one encryption algorithm.
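
Added example, not part of the original post or of ESP-IDF: a small Python parser for sdkconfig lines in the format shown above, which lists the CONFIG_MBEDTLS_* options that are off and the ECP curves that remain enabled. The sample input is constructed, and the choice of SECP192R1 as the curve left on is an assumption (the post does not say which one was kept).

```python
import re

# Constructed sample: a few lines from the post, plus one curve left enabled
# (assumption: SECP192R1; the post does not name the curve that was kept).
SAMPLE_SDKCONFIG = """\
CONFIG_IDF_TARGET="esp32s2"
CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED=y
# CONFIG_MBEDTLS_SSL_RENEGOTIATION is not set
# CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED is not set
# CONFIG_MBEDTLS_ECP_NIST_OPTIM is not set
"""

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")
_CURVE = re.compile(r"^CONFIG_MBEDTLS_ECP_DP_\w+_ENABLED$")


def parse_sdkconfig(text):
    """Return {option: value}; options marked 'is not set' map to None."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            opts[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            opts[m.group(1)] = None
    return opts


def audit_mbedtls(text):
    """Summarise the mbedtls options and the ECP curves still enabled."""
    opts = {k: v for k, v in parse_sdkconfig(text).items()
            if k.startswith("CONFIG_MBEDTLS_")}
    curves = {k: v for k, v in opts.items() if _CURVE.match(k)}
    return {
        "disabled": sorted(k for k, v in opts.items() if v is None),
        "enabled": sorted(k for k, v in opts.items() if v is not None),
        "curves_enabled": sorted(k for k, v in curves.items() if v == "y"),
    }


if __name__ == "__main__":
    for key, names in audit_mbedtls(SAMPLE_SDKCONFIG).items():
        print(f"{key}: {len(names)}")
        for name in names:
            print("   ", name)
```
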

Re: How to disable mbedtls on ESP-IDF

Posted: Thu Mar 09, 2023 12:44 am
by ESP_Sprite
...you don't even need a password for your WiFi network? Because WPA uses encryption. But yeah, even if you were to only use open networks, I don't think the WiFi stack is configurable to not accept any encryption at all. You could create a mbedtls component in your project (which will override the ESP-IDF version) and simply code stub functions for everything that is needed, but I'm not sure what stuff will break if you'd do that.

Re: How to disable mbedtls on ESP-IDF

Posted: Thu Mar 09, 2023 7:43 am
by dizcza
Yeah I do use WPA connections, I didn't think of that. Well, at least I found the minimal working configuration of mbedtls that doesn't require tinkering with ESP-IDF components code.