From 6c4a8a324515f9d6dc3280ed4e82993022c5138b Mon Sep 17 00:00:00 2001
From: Jonathan Swoboda <154711427+swoboda1337@users.noreply.github.com>
Date: Tue, 26 May 2026 18:49:44 -0400
Subject: [PATCH] [dsmr] Force BearSSL on ESP8266 to avoid mbedtls link failure
 (#16686)

---
 esphome/components/dsmr/dsmr.h | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/esphome/components/dsmr/dsmr.h b/esphome/components/dsmr/dsmr.h
index 626a389c1f..e55db9f976 100644
--- a/esphome/components/dsmr/dsmr.h
+++ b/esphome/components/dsmr/dsmr.h
@@ -16,9 +16,14 @@
 #include <span>
 #include <vector>
 
+// On ESP8266 Arduino, BearSSL is the native crypto. The mbedtls headers can
+// still be in scope when a sibling component (e.g. wireguard) pulls in
+// esp_mbedtls_esp8266, but that build leaves MBEDTLS_GCM_C disabled so the
+// gcm.h symbols are unresolved at link time. Force BearSSL on ESP8266 to
+// avoid that linker error.
 #if __has_include(<psa/crypto.h>)
 #include <dsmr_parser/decryption/aes128gcm_tfpsa.h>
-#elif __has_include(<mbedtls/gcm.h>)
+#elif !defined(USE_ESP8266) && __has_include(<mbedtls/gcm.h>)
 #if __has_include(<mbedtls/esp_config.h>)
 #include <mbedtls/esp_config.h>
 #endif
@@ -33,7 +38,7 @@ namespace esphome::dsmr {
 
 #if __has_include(<psa/crypto.h>)
 using Aes128GcmDecryptorImpl = dsmr_parser::Aes128GcmTfPsa;
-#elif __has_include(<mbedtls/gcm.h>)
+#elif !defined(USE_ESP8266) && __has_include(<mbedtls/gcm.h>)
 using Aes128GcmDecryptorImpl = dsmr_parser::Aes128GcmMbedTls;
 #else
 using Aes128GcmDecryptorImpl = dsmr_parser::Aes128GcmBearSsl;