From 1d32f117456bb6d220ca3f7e99b4680ec7fbd549 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Mon, 23 Sep 2024 14:03:04 +0200
Subject: [PATCH] ssl/ja3: better check for ja3 being enabled

Ticket: 6634

Completes commit 84735251b577a284af3795708786974fd30720b0

Avoids error log in Ja3BufferAddValue about NULL buffer
---
 src/app-layer-ssl.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 3a7a076f6978..bc0c42142f1c 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -1121,8 +1121,7 @@ static inline int TLSDecodeHSHelloExtensionEllipticCurves(SSLState *ssl_state,
     if (!(HAS_SPACE(elliptic_curves_len)))
         goto invalid_length;
 
-    if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
-            SC_ATOMIC_GET(ssl_config.enable_ja3)) {
+    if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) && ja3_elliptic_curves) {
         uint16_t ec_processed_len = 0;
         /* coverity[tainted_data] */
         while (ec_processed_len < elliptic_curves_len)
@@ -1178,8 +1177,7 @@ static inline int TLSDecodeHSHelloExtensionEllipticCurvePF(SSLState *ssl_state,
     if (!(HAS_SPACE(ec_pf_len)))
         goto invalid_length;
 
-    if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
-            SC_ATOMIC_GET(ssl_config.enable_ja3)) {
+    if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) && ja3_elliptic_curves_pf) {
         uint8_t ec_pf_processed_len = 0;
         /* coverity[tainted_data] */
         while (ec_pf_processed_len < ec_pf_len)