feat(lwip): Add support for PPP Auth using mbedTLS

Closes https://github.com/espressif/esp-idf/issues/13597

components/lwip/CMakeLists.txt

@@ -132,12 +132,7 @@ if(CONFIG_LWIP_ENABLE)
             "lwip/src/netif/ppp/pppos.c"
             "lwip/src/netif/ppp/upap.c"
             "lwip/src/netif/ppp/utils.c"
-            "lwip/src/netif/ppp/vj.c"
-            "lwip/src/netif/ppp/polarssl/arc4.c"
-            "lwip/src/netif/ppp/polarssl/des.c"
-            "lwip/src/netif/ppp/polarssl/md4.c"
-            "lwip/src/netif/ppp/polarssl/md5.c"
-            "lwip/src/netif/ppp/polarssl/sha1.c")
+            "lwip/src/netif/ppp/vj.c")
     endif()
 
     if(NOT ${target} STREQUAL "linux")
@@ -160,6 +155,15 @@ if(CONFIG_LWIP_ENABLE)
             "apps/ping/ping_sock.c")
     endif()
 
+    if(NOT CONFIG_LWIP_USE_EXTERNAL_MBEDTLS)
+        list(APPEND srcs
+                "lwip/src/netif/ppp/polarssl/arc4.c"
+                "lwip/src/netif/ppp/polarssl/des.c"
+                "lwip/src/netif/ppp/polarssl/md4.c"
+                "lwip/src/netif/ppp/polarssl/md5.c"
+                "lwip/src/netif/ppp/polarssl/sha1.c")
+    endif()
+
     if(CONFIG_LWIP_DHCPS)
         list(APPEND srcs "apps/dhcpserver/dhcpserver.c")
     endif()
@@ -211,6 +215,10 @@ if(CONFIG_LWIP_ENABLE)
         idf_component_optional_requires(PRIVATE nvs_flash)
     endif()
 
+    if(CONFIG_LWIP_USE_EXTERNAL_MBEDTLS)
+        idf_component_optional_requires(PRIVATE mbedtls)
+    endif()
+
     if(${target} STREQUAL "linux")
         set(THREADS_PREFER_PTHREAD_FLAG ON)
         find_package(Threads REQUIRED)

components/lwip/Kconfig

@@ -998,6 +998,17 @@ menu "LWIP"
         help
             Enable PPP debug log output
 
+    config LWIP_USE_EXTERNAL_MBEDTLS
+        bool "Use mbedTLS instead of internal polarSSL"
+        depends on LWIP_PPP_SUPPORT
+        depends on !LWIP_PPP_MPPE_SUPPORT && !LWIP_PPP_MSCHAP_SUPPORT
+        default n
+        help
+            This option uses mbedTLS crypto functions (instead of internal PolarSSL
+            implementation) for PPP authentication modes (PAP, CHAP, etc.).
+            You can use this option to address symbol duplication issues, since
+            the internal functions are not namespaced (e.g. md5_init()).
+
     menuconfig LWIP_SLIP_SUPPORT
         bool "Enable SLIP support (new/experimental)"
         default n

components/lwip/port/include/lwipopts.h

@@ -1151,6 +1151,15 @@ static inline uint32_t timeout_from_offered(uint32_t lease, uint32_t min)
 #define PPP_SUPPORT                     0
 #endif  /* CONFIG_LWIP_PPP_SUPPORT */
 
+/**
+ * LWIP_USE_EXTERNAL_MBEDTLS: Use external mbed TLS library for crypto implementation used in PPP AUTH
+ */
+#ifdef CONFIG_LWIP_USE_EXTERNAL_MBEDTLS
+#define LWIP_USE_EXTERNAL_MBEDTLS 1
+#else
+#define LWIP_USE_EXTERNAL_MBEDTLS 0
+#endif
+
 /*
    --------------------------------------
    ---------- Checksum options ----------