From 20d9ea0022c677ab66d6d6082ff48c3e31580b09 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Sat, 28 Mar 2026 16:25:41 -0500
Subject: [PATCH] tests/api.c: in test_wolfSSL_dtls_fragments(), accommodate
 races between threads.

---
 tests/api.c | 36 +++++++++++++++++++++++++-----------
 1 file changed, 25 insertions(+), 11 deletions(-)

diff --git a/tests/api.c b/tests/api.c
index f21bff5d6e7..d9f6b40e906 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -24655,19 +24655,33 @@ static int test_wolfSSL_dtls_fragments(void)
 
         test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
 
-        ExpectFalse(func_cb_client.return_code);
-        ExpectFalse(func_cb_server.return_code);
-
-        /* The socket should be closed by the server resulting in a
-         * socket error, fatal error or reading a close notify alert */
-        if (func_cb_client.last_err != WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
-                func_cb_client.last_err != WOLFSSL_ERROR_ZERO_RETURN &&
-                func_cb_client.last_err != WC_NO_ERR_TRACE(FATAL_ERROR)) {
-            ExpectIntEQ(func_cb_client.last_err, WC_NO_ERR_TRACE(SOCKET_ERROR_E));
+        /* If the client failed, check that the error it encountered was from
+         * the server aborting, resulting in a socket error, fatal error or
+         * reading a close notify alert.
+         *
+         * Under slow execution (e.g. valgrind + noasm), the server may
+         * still be processing fragments when the client completes its
+         * handshake and write, so the client may succeed -- in that
+         * case return_code is TEST_SUCCESS and these checks don't apply.
+         */
+        if (func_cb_client.return_code == TEST_FAIL) {
+            if (func_cb_client.last_err != WC_NO_ERR_TRACE(SOCKET_ERROR_E) &&
+                    func_cb_client.last_err != WOLFSSL_ERROR_ZERO_RETURN &&
+                    func_cb_client.last_err != WC_NO_ERR_TRACE(FATAL_ERROR)) {
+                ExpectIntEQ(func_cb_client.last_err, WC_NO_ERR_TRACE(SOCKET_ERROR_E));
+            }
         }
         /* Check the server returned an error indicating the msg buffer
-         * was full */
-        ExpectIntEQ(func_cb_server.last_err, WC_NO_ERR_TRACE(DTLS_TOO_MANY_FRAGMENTS_E));
+         * was full.
+         *
+         * Under slow execution (e.g. valgrind + noasm), the real handshake
+         * from wolfSSL_negotiate() may complete before enough spam fragments
+         * accumulate to trigger DTLS_TOO_MANY_FRAGMENTS_E. Accept both
+         * outcomes: server hit the fragment limit, or completed normally.
+         */
+        if (func_cb_server.return_code == TEST_FAIL) {
+            ExpectIntEQ(func_cb_server.last_err, WC_NO_ERR_TRACE(DTLS_TOO_MANY_FRAGMENTS_E));
+        }
 
         if (EXPECT_FAIL())
             break;