libcrypto: add NULL-check for EVP_CIPHER_CTX_cleanup

On OpenSSL versions prior to 1.1.0, `EVP_CIPHER_CTX_cleanup` will
dereference its argument regardless of whether it is NULL.  This
is not a problem on OpenSSL at or beyond 1.1.0, where
`EVP_CIPHER_CTX_cleanup` (macro to `EVP_CIPHER_CTX_reset`) returns
early upon NULL input.

Move the call to `EVP_CIPHER_CTX_cleanup` under the existing NULL
check in `evp_cipher_cleanup` to avoid the problem.

Introduced with this build-break fix:
 * e66f370682927ca8bd7ae0e7544754c6f4ac4969

Found in manual testing in an environment with an older OpenSSL.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jon Simons 2017-07-19 17:53:14 -04:00 committed by Andreas Schneider
parent 380390c4b6
commit c317d95911

@ -553,8 +553,8 @@ static void evp_cipher_decrypt(struct ssh_cipher_struct *cipher,
}
static void evp_cipher_cleanup(struct ssh_cipher_struct *cipher) {
EVP_CIPHER_CTX_cleanup(cipher->ctx);
if (cipher->ctx != NULL) {
EVP_CIPHER_CTX_cleanup(cipher->ctx);
EVP_CIPHER_CTX_free(cipher->ctx);
}
}
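
Review bot: in `evp_cipher_cleanup`, inside the `if (cipher->ctx != NULL)` block, the pointer is left dangling after `EVP_CIPHER_CTX_free(cipher->ctx);`. If this cleanup can be reached a second time for the same cipher, the NULL check passes on the freed pointer and both calls run on it again. Consider adding `cipher->ctx = NULL;` directly after the free so the guard this change relies on also covers repeated cleanup. A one-line comment above the guarded `EVP_CIPHER_CTX_cleanup(cipher->ctx);` noting that OpenSSL before 1.1.0 dereferences a NULL argument would also keep a later refactor from hoisting the call back out of the check.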