Fix CI

Author: dgarske

.github/workflows/stm32h563-m33mu-https-tls13.yml

@@ -141,6 +141,7 @@ jobs:
           make -C src/port/stm32h563 \
             WOLFSSL_ROOT=../../../../wolfssl \
             ENABLE_HTTPS=1 ENABLE_MQTT_BROKER=1 ENABLE_SSH=1 \
+            WOLFSSL_SP_NO_ASM=1 \
             CC=arm-none-eabi-gcc OBJCOPY=arm-none-eabi-objcopy
 
       - name: Run m33mu + DHCP + full test
@@ -317,3 +318,132 @@ jobs:
           if [ -f /tmp/m33mu.pid ]; then
             sudo kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
           fi
+
+  stm32h563_m33mu_https_tls13:
+    runs-on: ubuntu-latest
+    timeout-minutes: 25
+    container:
+      image: ghcr.io/danielinux/m33mu-ci:1.7
+      options: --privileged
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install host tools
+        run: |
+          set -euo pipefail
+          apt-get update
+          apt-get install -y sudo dnsmasq iproute2 curl git tcpdump
+
+      - name: Fetch wolfSSL
+        run: |
+          set -euo pipefail
+          if [ ! -d ../wolfssl ]; then
+            git clone --depth 1 --branch master https://github.com/wolfSSL/wolfssl.git ../wolfssl
+          fi
+
+      - name: Build STM32H563 HTTPS firmware
+        run: |
+          set -euo pipefail
+          make -C src/port/stm32h563 clean TZEN=0 ENABLE_HTTPS=1 \
+            WOLFSSL_SP_NO_ASM=1 CC=arm-none-eabi-gcc OBJCOPY=arm-none-eabi-objcopy
+          make -C src/port/stm32h563 TZEN=0 ENABLE_HTTPS=1 \
+            WOLFSSL_SP_NO_ASM=1 CC=arm-none-eabi-gcc OBJCOPY=arm-none-eabi-objcopy
+          strings src/port/stm32h563/app.bin | grep "Initializing HTTPS server" > /dev/null
+
+      - name: Run m33mu + DHCP + HTTPS test
+        timeout-minutes: 15
+        run: |
+          set -euo pipefail
+
+          cleanup() {
+            set +e
+            if [ -f /tmp/m33mu.pid ]; then
+              sudo kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
+            fi
+            if [ -f /tmp/tcpdump.pid ]; then
+              sudo kill "$(cat /tmp/tcpdump.pid)" 2>/dev/null || true
+            fi
+            sudo pkill -x m33mu 2>/dev/null || true
+            if [ -f /tmp/dnsmasq.pid ]; then
+              sudo kill "$(cat /tmp/dnsmasq.pid)" 2>/dev/null || true
+            fi
+            sudo ip link del tap0 2>/dev/null || true
+          }
+          trap cleanup EXIT
+
+          sudo ip tuntap add dev tap0 mode tap
+          sudo ip addr add 192.168.12.1/24 dev tap0
+          sudo ip link set tap0 up
+
+          cat > /tmp/dnsmasq.conf <<'CONF'
+          interface=tap0
+          bind-interfaces
+          dhcp-range=192.168.12.50,192.168.12.100,255.255.255.0,12h
+          dhcp-leasefile=/tmp/dnsmasq.leases
+          log-dhcp
+          CONF
+          sudo dnsmasq --conf-file=/tmp/dnsmasq.conf --pid-file=/tmp/dnsmasq.pid
+
+          sudo tcpdump -i tap0 -nn -U -w /tmp/https-test.pcap > /tmp/tcpdump.log 2>&1 &
+          echo $! > /tmp/tcpdump.pid
+
+          sudo m33mu src/port/stm32h563/app.bin \
+            --cpu stm32h563 --tap:tap0 --uart-stdout --timeout 180 --quit-on-faults \
+            2>&1 | tee /tmp/m33mu.log &
+          sleep 1
+          m33mu_pid="$(pgrep -n -x m33mu || true)"
+          if [ -n "${m33mu_pid}" ]; then
+            echo "${m33mu_pid}" > /tmp/m33mu.pid
+          fi
+
+          ip=""
+          for _ in $(seq 1 90); do
+            if [ -s /tmp/dnsmasq.leases ]; then
+              ip="$(tail -n1 /tmp/dnsmasq.leases | cut -d' ' -f3)"
+            fi
+            if [ -n "${ip}" ]; then
+              break
+            fi
+            sleep 1
+          done
+          if [ -z "${ip}" ]; then
+            echo "No DHCP lease acquired."
+            echo "m33mu log:"
+            tail -n 200 /tmp/m33mu.log || true
+            exit 1
+          fi
+          echo "Leased IP: ${ip}"
+
+          ok=0
+          for _ in $(seq 1 60); do
+            if ! pgrep -x m33mu >/dev/null 2>&1; then
+              echo "m33mu exited before HTTPS check."
+              tail -n 200 /tmp/m33mu.log || true
+              exit 1
+            fi
+            if curl --silent --show-error --fail --insecure --tlsv1.3 \
+                --connect-timeout 10 --max-time 20 \
+                "https://${ip}/" | tee /tmp/curl.log | grep -q "wolfIP"; then
+              ok=1
+              break
+            fi
+            sleep 0.5
+          done
+          if [ "${ok}" -ne 1 ]; then
+            echo "HTTPS test failed."
+            echo "m33mu log:"
+            tail -n 200 /tmp/m33mu.log || true
+            echo "curl log:"
+            tail -n 200 /tmp/curl.log || true
+            echo "tcpdump log:"
+            tail -n 50 /tmp/tcpdump.log || true
+            exit 1
+          fi
+          echo "HTTPS test succeeded."
+          if [ -f /tmp/m33mu.pid ]; then
+            sudo kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
+          fi
+          if [ -f /tmp/tcpdump.pid ]; then
+            sudo kill "$(cat /tmp/tcpdump.pid)" 2>/dev/null || true
+          fi

.github/workflows/stm32h563-m33mu.yml

@@ -44,6 +44,10 @@ ifeq ($(ENABLE_MQTT),1)
   ENABLE_TLS = 1
 endif
 
+# Disable wolfSSL Cortex-M assembly (set to 1 for emulators/CI that reject
+# certain T32 instructions generated by sp_cortexm.c; real hardware uses 0)
+WOLFSSL_SP_NO_ASM ?= 0
+
 # Library paths - default to sibling directories (clone alongside pattern)
 WOLFSSL_ROOT ?= $(ROOT)/../wolfssl
 WOLFSSH_ROOT ?= $(ROOT)/../wolfssh
@@ -124,8 +128,15 @@ WOLFSSL_SRCS := \
     $(WOLFSSL_ROOT)/wolfcrypt/src/memory.c \
     $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.c \
     $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.c \
-	$(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.c \
-    $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.c \
+    $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.c \
+
+ifeq ($(WOLFSSL_SP_NO_ASM),0)
+WOLFSSL_SRCS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.c
+else
+CFLAGS += -DWOLFSSL_SP_NO_ASM
+endif
+
+WOLFSSL_SRCS += \
     $(WOLFSSL_ROOT)/src/ssl.c \
     $(WOLFSSL_ROOT)/src/tls.c \
     $(WOLFSSL_ROOT)/src/tls13.c \