Merge pull request #10098 from douzzer/20260328-test_wolfSSL_dtls_fragments-race-mitigation

20260328-test_wolfSSL_dtls_fragments-race-mitigation
This commit is contained in:
JacobBarthelmeh
2026-03-30 10:29:31 -06:00
committed by GitHub
+25 -11
View File
@@ -24655,19 +24655,33 @@ static int test_wolfSSL_dtls_fragments(void)
test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
ExpectFalse(func_cb_client.return_code);
ExpectFalse(func_cb_server.return_code);
/* The socket should be closed by the server resulting in a
* socket error, fatal error or reading a close notify alert */
if (func_cb_client.last_err != WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
func_cb_client.last_err != WOLFSSL_ERROR_ZERO_RETURN &&
func_cb_client.last_err != WC_NO_ERR_TRACE(FATAL_ERROR)) {
ExpectIntEQ(func_cb_client.last_err, WC_NO_ERR_TRACE(SOCKET_ERROR_E));
/* If the client failed, check that the error it encountered was from
* the server aborting, resulting in a socket error, fatal error or
* reading a close notify alert.
*
* Under slow execution (e.g. valgrind + noasm), the server may
* still be processing fragments when the client completes its
* handshake and write, so the client may succeed -- in that
* case return_code is TEST_SUCCESS and these checks don't apply.
*/
if (func_cb_client.return_code == TEST_FAIL) {
if (func_cb_client.last_err != WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
func_cb_client.last_err != WOLFSSL_ERROR_ZERO_RETURN &&
func_cb_client.last_err != WC_NO_ERR_TRACE(FATAL_ERROR)) {
ExpectIntEQ(func_cb_client.last_err, WC_NO_ERR_TRACE(SOCKET_ERROR_E));
}
}
/* Check the server returned an error indicating the msg buffer
* was full */
ExpectIntEQ(func_cb_server.last_err, WC_NO_ERR_TRACE(DTLS_TOO_MANY_FRAGMENTS_E));
* was full.
*
* Under slow execution (e.g. valgrind + noasm), the real handshake
* from wolfSSL_negotiate() may complete before enough spam fragments
* accumulate to trigger DTLS_TOO_MANY_FRAGMENTS_E. Accept both
* outcomes: server hit the fragment limit, or completed normally.
*/
if (func_cb_server.return_code == TEST_FAIL) {
ExpectIntEQ(func_cb_server.last_err, WC_NO_ERR_TRACE(DTLS_TOO_MANY_FRAGMENTS_E));
}
if (EXPECT_FAIL())
break;