diff --git a/lib/curl_ntlm.c b/lib/curl_ntlm.c
index a8f8d5326fc97b..4c30e0ad0a454c 100644
--- a/lib/curl_ntlm.c
+++ b/lib/curl_ntlm.c
@@ -229,21 +229,11 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
 
 void Curl_http_ntlm_cleanup(struct connectdata *conn)
 {
-#ifdef USE_WINDOWS_SSPI
   Curl_sasl_ntlm_cleanup(&conn->ntlm);
   Curl_sasl_ntlm_cleanup(&conn->proxyntlm);
-#elif defined(NTLM_WB_ENABLED)
-  Curl_ntlm_wb_cleanup(conn);
-#else
-  (void)conn;
-#endif
-
-#ifndef USE_WINDOWS_SSPI
-  Curl_safefree(conn->ntlm.target_info);
-  conn->ntlm.target_info_len = 0;
 
-  Curl_safefree(conn->proxyntlm.target_info);
-  conn->proxyntlm.target_info_len = 0;
+#if defined(NTLM_WB_ENABLED)
+  Curl_ntlm_wb_cleanup(conn);
 #endif
 }
 
diff --git a/lib/curl_ntlm_msgs.c b/lib/curl_ntlm_msgs.c
index ae433af0151ccc..437536ab72a9cb 100644
--- a/lib/curl_ntlm_msgs.c
+++ b/lib/curl_ntlm_msgs.c
@@ -401,6 +401,7 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
   unsigned long attrs;
   TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
 
+  /* Clean up any former leftovers and initialise to defaults */
   Curl_sasl_ntlm_cleanup(ntlm);
 
   /* Query the security package for NTLM */
@@ -493,7 +494,9 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
                                          domain are empty */
   (void)userp;
   (void)passwdp;
-  (void)ntlm;
+
+  /* Clean up any former leftovers and initialise to defaults */
+  Curl_sasl_ntlm_cleanup(ntlm);
 
 #if USE_NTLM2SESSION
 #define NTLM2FLAG NTLMFLAG_NEGOTIATE_NTLM2_KEY
@@ -993,7 +996,11 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
     return CURLE_CONV_FAILED;
 
   /* Return with binary blob encoded into base64 */
-  return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
+  result = Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
+
+  Curl_sasl_ntlm_cleanup(ntlm);
+
+  return result;
 #endif
 }
 
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index e50d3d9d5d1413..75af97f5812178 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -1182,6 +1182,28 @@ CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
   return Curl_ntlm_create_type3_message(data, userp, passwdp, ntlm, outptr,
                                         outlen);
 }
+
+#if !defined(USE_WINDOWS_SSPI)
+/*
+ * Curl_sasl_ntlm_cleanup()
+ *
+ * This is used to clean up the ntlm specific data.
+ *
+ * Parameters:
+ *
+ * ntlm    [in/out] - The ntlm data struct being cleaned up.
+ *
+ */
+void Curl_sasl_ntlm_cleanup(struct ntlmdata *ntlm)
+{
+  /* Free the target info */
+  Curl_safefree(ntlm->target_info);
+
+  /* Reset any variables */
+  ntlm->target_info_len = 0;
+}
+#endif /* !USE_WINDOWS_SSPI */
+
 #endif /* USE_NTLM */
 
 /*
@@ -1240,13 +1262,16 @@ void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused)
   if(authused == SASL_MECH_GSSAPI) {
     Curl_sasl_gssapi_cleanup(&conn->krb5);
   }
-#ifdef USE_NTLM
+#endif
+
+#if defined(USE_NTLM)
   /* Cleanup the ntlm structure */
-  else if(authused == SASL_MECH_NTLM) {
+  if(authused == SASL_MECH_NTLM) {
     Curl_sasl_ntlm_cleanup(&conn->ntlm);
   }
 #endif
-#else
+
+#if !defined(USE_KRB5) && !defined(USE_NTLM)
   /* Reserved for future use */
   (void)conn;
   (void)authused;
diff --git a/lib/curl_sasl.h b/lib/curl_sasl.h
index 88a9d9364c4392..74f44650094ea5 100644
--- a/lib/curl_sasl.h
+++ b/lib/curl_sasl.h
@@ -149,10 +149,8 @@ CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
                                              struct ntlmdata *ntlm,
                                              char **outptr, size_t *outlen);
 
-#if defined(USE_WINDOWS_SSPI)
 /* This is used to clean up the ntlm specific data */
 void Curl_sasl_ntlm_cleanup(struct ntlmdata *ntlm);
-#endif
 
 #endif /* USE_NTLM */