hkdf zeroization fix

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7106)

crypto/kdf/hkdf.c

@@ -281,6 +281,7 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
                                   unsigned char *okm, size_t okm_len)
 {
     HMAC_CTX *hmac;
+    unsigned char *ret = NULL;
 
     unsigned int i;
 
@@ -330,11 +331,10 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
 
         done_len += copy_len;
     }
-
+    ret = okm;
-    HMAC_CTX_free(hmac);
-    return okm;
 
  err:
+    OPENSSL_cleanse(prev, sizeof(prev));
     HMAC_CTX_free(hmac);
-    return NULL;
+    return ret;
 }