How to disable mbedtls on ESP-IDF

[kysonlok]

Hello,

I have a project with esp32s2. I have a static library which is provided by a vendor. The static library contains modified mbedtls. When I link the static library on my IDF sample project, some mbedtls function is conflict with the mbedtls component.

So my question is there is any way to disable IDF mbedtls? If yes, what should I do? Thanks.

[dizcza]

+1

I'd also like to disable mbedlts for another reason: it takes up additional Flash and perhaps RAM resources. It looks impossible though: there is no such flag.

Seems like we're forced to use encrypted communication when no communication is needed.

[ESP_Sprite]

Generally, if you don't link to mbedtls stuff anywhere, the linker will see it's not used and not include it in your binary. Do note, however, that various things like (iirc) BT and the WiFi stack do depend on mbedtls for their crypto needs, so if you use those, mbedtls will be included.

[dizcza]

In some projects I need WiFi but the communication is within the local network only, so I don't need encryption.

The way I'm currently doing this is disabling each and every feature in mbedtls menuconfig:

Code: Select all

# CONFIG_MBEDTLS_SSL_RENEGOTIATION is not set
# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS is not set
# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS is not set
# CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED is not set
# CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED is not set
# CONFIG_MBEDTLS_ECP_NIST_OPTIM is not set

Unfortunately, I cannot exclude all features as some headers complain that I must select at least one encryption algorithm,.

[ESP_Sprite]

...you don't even need a password for your WiFi network? Because WPA uses encryption. But yeah, even if you were to only use open networks, I don't think the WiFi stack is configurable to not accept any encryption at all. You could create a mbedtls component in your project (which will override the ESP-IDF version) and simply code stub functions for everything that is needed, but I'm not sure what stuff will break if you'd do that.

[dizcza]

Yeah I do use WPA connections, I didn't think of that. Well, at least I found the minimal working configuration of mbedtls that doesn't require tinkering with ESP-IDF components code.