Merge branch 'feat/lwip_with_mbedtls' into 'master'

feat(lwip): Add support for PPP Auth using mbedTLS

Closes IDFGH-12599

See merge request espressif/esp-idf!31071

components/esp_netif/lwip/esp_netif_lwip.c

@@ -2632,15 +2632,6 @@ esp_err_t esp_netif_ppp_set_auth(esp_netif_t *esp_netif, esp_netif_auth_type_t a
 {
     set_auth_msg_t msg = { .authtype = authtype, .user = user, .passwd = passwd };
     return esp_netif_lwip_ipc_call(esp_netif_ppp_set_auth_api, esp_netif, &msg);
-#if PPP_AUTH_SUPPORT
-        lwip_peer2peer_ctx_t *ppp_ctx = (lwip_peer2peer_ctx_t *)netif->related_data;
-    assert(ppp_ctx->base.netif_type == PPP_LWIP_NETIF);
-    pppapi_set_auth(ppp_ctx->ppp, authtype, user, passwd);
-    return ESP_OK;
-#else
-    ESP_LOGE(TAG, "%s failed: No authorisation enabled in menuconfig", __func__);
-    return ESP_ERR_ESP_NETIF_IF_NOT_READY;
-#endif
 }
 
 esp_err_t esp_netif_napt_disable(esp_netif_t *esp_netif)

components/lwip/CMakeLists.txt

@@ -132,12 +132,7 @@ if(CONFIG_LWIP_ENABLE)
             "lwip/src/netif/ppp/pppos.c"
             "lwip/src/netif/ppp/upap.c"
             "lwip/src/netif/ppp/utils.c"
-            "lwip/src/netif/ppp/vj.c"
-            "lwip/src/netif/ppp/polarssl/arc4.c"
-            "lwip/src/netif/ppp/polarssl/des.c"
-            "lwip/src/netif/ppp/polarssl/md4.c"
-            "lwip/src/netif/ppp/polarssl/md5.c"
-            "lwip/src/netif/ppp/polarssl/sha1.c")
+            "lwip/src/netif/ppp/vj.c")
     endif()
 
     if(NOT ${target} STREQUAL "linux")
@@ -160,6 +155,15 @@ if(CONFIG_LWIP_ENABLE)
             "apps/ping/ping_sock.c")
     endif()
 
+    if(NOT CONFIG_LWIP_USE_EXTERNAL_MBEDTLS)
+        list(APPEND srcs
+                "lwip/src/netif/ppp/polarssl/arc4.c"
+                "lwip/src/netif/ppp/polarssl/des.c"
+                "lwip/src/netif/ppp/polarssl/md4.c"
+                "lwip/src/netif/ppp/polarssl/md5.c"
+                "lwip/src/netif/ppp/polarssl/sha1.c")
+    endif()
+
     if(CONFIG_LWIP_DHCPS)
         list(APPEND srcs "apps/dhcpserver/dhcpserver.c")
     endif()
@@ -211,6 +215,10 @@ if(CONFIG_LWIP_ENABLE)
         idf_component_optional_requires(PRIVATE nvs_flash)
     endif()
 
+    if(CONFIG_LWIP_USE_EXTERNAL_MBEDTLS)
+        idf_component_optional_requires(PRIVATE mbedtls)
+    endif()
+
     if(${target} STREQUAL "linux")
         set(THREADS_PREFER_PTHREAD_FLAG ON)
         find_package(Threads REQUIRED)

components/lwip/Kconfig

@@ -998,6 +998,17 @@ menu "LWIP"
         help
             Enable PPP debug log output
 
+    config LWIP_USE_EXTERNAL_MBEDTLS
+        bool "Use mbedTLS instead of internal polarSSL"
+        depends on LWIP_PPP_SUPPORT
+        depends on !LWIP_PPP_MPPE_SUPPORT && !LWIP_PPP_MSCHAP_SUPPORT
+        default n
+        help
+            This option uses mbedTLS crypto functions (instead of internal PolarSSL
+            implementation) for PPP authentication modes (PAP, CHAP, etc.).
+            You can use this option to address symbol duplication issues, since
+            the internal functions are not namespaced (e.g. md5_init()).
+
     menuconfig LWIP_SLIP_SUPPORT
         bool "Enable SLIP support (new/experimental)"
         default n

components/lwip/lwip

@@ -1 +1 @@
-Subproject commit 3a3d1fb3e3bc23cf86cf653ce5928eda47e2c15d
+Subproject commit e8d0513898ce96d7851b41bc6acb7af3259a447b

components/lwip/port/include/lwipopts.h

@@ -1151,6 +1151,15 @@ static inline uint32_t timeout_from_offered(uint32_t lease, uint32_t min)
 #define PPP_SUPPORT                     0
 #endif  /* CONFIG_LWIP_PPP_SUPPORT */
 
+/**
+ * LWIP_USE_EXTERNAL_MBEDTLS: Use external mbed TLS library for crypto implementation used in PPP AUTH
+ */
+#ifdef CONFIG_LWIP_USE_EXTERNAL_MBEDTLS
+#define LWIP_USE_EXTERNAL_MBEDTLS 1
+#else
+#define LWIP_USE_EXTERNAL_MBEDTLS 0
+#endif
+
 /*
    --------------------------------------
    ---------- Checksum options ----------