Commit 8abd64ab61 for openssl.org

commit 8abd64ab61e9ba59539b5bee3e53266ac662172f
Author: Eugene Syromiatnikov <esyr@openssl.org>
Date:   Mon Feb 23 04:33:07 2026 +0100

    ssl/ech/ech_internal.c: avoid superfluous extval check in ossl_ech_early_decrypt

    Remove superfluous extval NULL check on success path, as it cannot
    be NULL, and is already dereferenced earlier.

    Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681447
    Fixes: 6c3edd4f3a8a "Add server-side handling of Encrypted Client Hello"
    Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    MergeDate: Wed Feb 25 11:10:41 2026
    (Merged from https://github.com/openssl/openssl/pull/30139)

diff --git a/ssl/ech/ech_internal.c b/ssl/ech/ech_internal.c
index fbc6c5bbf6..3ae7e89a95 100644
--- a/ssl/ech/ech_internal.c
+++ b/ssl/ech/ech_internal.c
@@ -2083,11 +2083,9 @@ int ossl_ech_early_decrypt(SSL_CONNECTION *s, PACKET *outerpkt, PACKET *newpkt)
         ossl_ech_pbuf("clear", clear, clearlen);
     }
 #endif
-    if (extval != NULL) {
-        ossl_ech_encch_free(extval);
-        OPENSSL_free(extval);
-        extval = NULL;
-    }
+    ossl_ech_encch_free(extval);
+    OPENSSL_free(extval);
+    extval = NULL;
     if (s->ext.ech.grease == OSSL_ECH_IS_GREASE) {
         OPENSSL_free(clear);
         return 1;