GELI allows to read a user key from a standard input.
However if user initialize multiple providers at once, the standard
input will be empty for the second and next providers.
This caused GELI to encrypt a master key with an empty key file.
This commits initialize the HMAC with the key file, and then reuse the
finalized structure to generate different encryption keys for different
providers.
Reported by: Nathan Dorfman
Tested by: philip
Security: FreeBSD-SA-23:01.geli
Security: CVE-2023-0751
5fff09660e