From 6c0772fd7f1c7efe6e40abd6eb1bb7e84d43c06b Mon Sep 17 00:00:00 2001
From: Viktor Szakats
Date: Thu, 19 Mar 2026 00:37:14 +0100
Subject: [PATCH] openssl: fix memory leaks in ECH code (OpenSSL 3)

Also drop an unnecessary cast.

Found by Codex Security

Follow-up to a362962b7289ec02b412890c9515657cf0ed50ac #11922

Closes #20993
---
 lib/vtls/openssl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index cbe7898f10..08c20430a2 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -4136,7 +4136,9 @@ static void ossl_trace_ech_retry_configs(struct Curl_easy *data, SSL *ssl,
 else
 infof(data, "ECH: no retry_configs (rv = %d)", rv);
 #ifndef HAVE_BORINGSSL_LIKE
- OPENSSL_free((void *)rcs);
+ OPENSSL_free(inner);
+ OPENSSL_free(rcs);
+ OPENSSL_free(outer);
 #endif
 return;
 }
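Review bot: The three `OPENSSL_free()` calls at the tail of `ossl_trace_ech_retry_configs()` close the leak only if `inner`, `rcs` and `outer` are initialised to `NULL` at declaration and no earlier `return` skips this block; the function body starts above the hunk, so neither is visible here and both are worth confirming. `OPENSSL_free(NULL)` is a no-op, but freeing a pointer that a failed lookup left unset would be undefined behaviour. The `#ifndef HAVE_BORINGSSL_LIKE` guard implies the two backends differ in who owns these buffers, which the code does not state; a comment above the frees such as `/* OpenSSL returns caller-owned copies; BoringSSL-like builds return borrowed pointers, do not free */` (wording to be confirmed against both APIs) would keep a later edit from reintroducing the leak or adding a double free.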