feat(lwip): Add support for PPP Auth using mbedTLS (v5.3)

LWIP submodule update (v5.3): git log --oneline 3a3d1fb3..e8d05138 - PPP/Auth: Add mbedtls includes if lwip uses it (espressif/esp-lwip@e8d05138) Closes https://github.com/espressif/esp-idf/issues/13597
2025-03-10 01:29:21 -04:00 · 2024-05-24 11:53:25 +02:00 · 2024-05-24 11:53:25 +02:00 · 1237b8c669
commit 1237b8c669
parent d716e64138
4 changed files with 35 additions and 7 deletions
--- a/components/lwip/CMakeLists.txt
+++ b/components/lwip/CMakeLists.txt
@ -132,12 +132,7 @@ if(CONFIG_LWIP_ENABLE)
            "lwip/src/netif/ppp/pppos.c"
            "lwip/src/netif/ppp/upap.c"
            "lwip/src/netif/ppp/utils.c"
-            "lwip/src/netif/ppp/vj.c"
-            "lwip/src/netif/ppp/polarssl/arc4.c"
-            "lwip/src/netif/ppp/polarssl/des.c"
-            "lwip/src/netif/ppp/polarssl/md4.c"
-            "lwip/src/netif/ppp/polarssl/md5.c"
-            "lwip/src/netif/ppp/polarssl/sha1.c")
+            "lwip/src/netif/ppp/vj.c")
    endif()

    if(NOT ${target} STREQUAL "linux")
@ -160,6 +155,15 @@ if(CONFIG_LWIP_ENABLE)
            "apps/ping/ping_sock.c")
    endif()

+    if(NOT CONFIG_LWIP_USE_EXTERNAL_MBEDTLS)
+        list(APPEND srcs
+                "lwip/src/netif/ppp/polarssl/arc4.c"
+                "lwip/src/netif/ppp/polarssl/des.c"
+                "lwip/src/netif/ppp/polarssl/md4.c"
+                "lwip/src/netif/ppp/polarssl/md5.c"
+                "lwip/src/netif/ppp/polarssl/sha1.c")
+    endif()
+
    if(CONFIG_LWIP_DHCPS)
        list(APPEND srcs "apps/dhcpserver/dhcpserver.c")
    endif()
@ -215,6 +219,10 @@ if(CONFIG_LWIP_ENABLE)
        idf_component_optional_requires(PRIVATE nvs_flash)
    endif()

+    if(CONFIG_LWIP_USE_EXTERNAL_MBEDTLS)
+        idf_component_optional_requires(PRIVATE mbedtls)
+    endif()
+
    if(${target} STREQUAL "linux")
        set(THREADS_PREFER_PTHREAD_FLAG ON)
        find_package(Threads REQUIRED)
--- a/components/lwip/Kconfig
+++ b/components/lwip/Kconfig
@ -992,6 +992,17 @@ menu "LWIP"
        help
            Enable PPP debug log output

+    config LWIP_USE_EXTERNAL_MBEDTLS
+        bool "Use mbedTLS instead of internal polarSSL"
+        depends on LWIP_PPP_SUPPORT
+        depends on !LWIP_PPP_MPPE_SUPPORT && !LWIP_PPP_MSCHAP_SUPPORT
+        default n
+        help
+            This option uses mbedTLS crypto functions (instead of internal PolarSSL
+            implementation) for PPP authentication modes (PAP, CHAP, etc.).
+            You can use this option to address symbol duplication issues, since
+            the internal functions are not namespaced (e.g. md5_init()).
+
    menuconfig LWIP_SLIP_SUPPORT
        bool "Enable SLIP support (new/experimental)"
        default n
--- a/components/lwip/lwip
+++ b/components/lwip/lwip
@ -1 +1 @@
-Subproject commit 3a3d1fb3e3bc23cf86cf653ce5928eda47e2c15d
+Subproject commit e8d0513898ce96d7851b41bc6acb7af3259a447b
--- a/components/lwip/port/include/lwipopts.h
+++ b/components/lwip/port/include/lwipopts.h
@ -1151,6 +1151,15 @@ static inline uint32_t timeout_from_offered(uint32_t lease, uint32_t min)
 #define PPP_SUPPORT                     0
 #endif  /* CONFIG_LWIP_PPP_SUPPORT */

+/**
+ * LWIP_USE_EXTERNAL_MBEDTLS: Use external mbed TLS library for crypto implementation used in PPP AUTH
+ */
+#ifdef CONFIG_LWIP_USE_EXTERNAL_MBEDTLS
+#define LWIP_USE_EXTERNAL_MBEDTLS 1
+#else
+#define LWIP_USE_EXTERNAL_MBEDTLS 0
+#endif
+
 /*
   --------------------------------------
   ---------- Checksum options ----------