[defect]: Calling HMAC_Init_ex() on reused HMAC_CTX causes invalid HMAC output in 3.2.x #5648

@lukas-arista

What type of defect/bug is this?

incorrect 3rd party API usage

How can the issue be reproduced?

The P_hash() function in src/modules/rlm_eap/libeap/mppe_keys.c makes calls to HMAC_Init_ex() (which is redefined to HMAC3_Init_ex() in src/include/openssl3.h). Unfortunately, this redefined HMAC3_Init_ex() implementation seems to contain a bug where reusing a previously init/update/final'd HMAC_CTX results in a zero return code, causing P_hash() to fail to execute the PRF function correctly, and silently causing invalid PRF output (mostly filled with zeros).

Log output from the FreeRADIUS daemon

Issue is not apparent from any logging output when it occurs; the failure is silent due to a failure to check HMAC_*() return codes in P_hash() and report the problem early on during execution. The resulting HMAC output buffer is simply left unfilled, which ultimately results in, for example, incorrect EAP-FAST MAC values (which correctly-behaving EAP-FAST peers will reject).

Relevant log output from client utilities

No response
