From b81cc50a70fcefff0868d6e66b1308a00c13cf5b Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Wed, 2 Oct 2024 19:19:39 -0500
Subject: [PATCH] src/internal.c: in ProcessReplyEx() in the verifyMessage
 case, refactor some gating/conditionalization around ATOMIC_USER,
 HAVE_ENCRYPT_THEN_MAC, atomicUser, and ssl->options.startedETMRead, to avoid
 "Logical disjunction always evaluates to true" from cppcheck
 incorrectLogicOperator (via multi-test cppcheck-force-source) (warned code
 introduced by 99a99e3d6e).

---
 src/internal.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index c66dfc4a3..c61dfb341 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -21730,16 +21730,19 @@ default:
                 else
 #endif
                 {
-#ifdef HAVE_ENCRYPT_THEN_MAC
-                    word16 startedETMRead = ssl->options.startedETMRead;
-#else
-                    word16 startedETMRead = 0;
-#endif
                     /* With atomicUser the callback should have already included
                      * the mac in the padding size. The ETM callback doesn't do
                      * this for some reason. */
-                    if (ssl->specs.cipher_type != aead &&
-                            (!atomicUser || startedETMRead)) {
+                    if (ssl->specs.cipher_type != aead
+#ifdef ATOMIC_USER
+                             && (!atomicUser
+#ifdef HAVE_ENCRYPT_THEN_MAC
+                                 || ssl->options.startedETMRead
+#endif /* HAVE_ENCRYPT_THEN_MAC */
+                                )
+#endif /* !ATOMIC_USER */
+                       )
+                    {
                         /* consider MAC as padding */
                         ssl->keys.padSz += MacSize(ssl);
                     }