src/internal.c: in ProcessReplyEx() in the verifyMessage case, refactor some gating/conditionalization around ATOMIC_USER, HAVE_ENCRYPT_THEN_MAC, atomicUser, and ssl->options.startedETMRead, to avoid "Logical disjunction always evaluates to true" from cppcheck incorrectLogicOperator (via multi-test cppcheck-force-source) (warned code introduced by 99a99e3).

douzzer · douzzer · commit b81cc50a70fc · 2024-10-02T19:19:39.000-05:00
diff --git a/src/internal.c b/src/internal.c
@@ -21730,16 +21730,19 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
                 else
 #endif
                 {
-#ifdef HAVE_ENCRYPT_THEN_MAC
-                    word16 startedETMRead = ssl->options.startedETMRead;
-#else
-                    word16 startedETMRead = 0;
-#endif
                     /* With atomicUser the callback should have already included
                      * the mac in the padding size. The ETM callback doesn't do
                      * this for some reason. */
-                    if (ssl->specs.cipher_type != aead &&
-                            (!atomicUser || startedETMRead)) {
+                    if (ssl->specs.cipher_type != aead
+#ifdef ATOMIC_USER
+                             && (!atomicUser
+#ifdef HAVE_ENCRYPT_THEN_MAC
+                                 || ssl->options.startedETMRead
+#endif /* HAVE_ENCRYPT_THEN_MAC */
+                                )
+#endif /* !ATOMIC_USER */
+                       )
+                    {
                         /* consider MAC as padding */
                         ssl->keys.padSz += MacSize(ssl);
                     }
