From 583fbfdb2a0836fdeec55a8acb2c37e19346c3c7 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Fri, 8 Dec 2017 09:44:33 +0100
Subject: [PATCH] drop keyring key after successful crypt_suspend

due to wrong sequence of function calls the volume key
(if present) in keyring was never dropped properly.
---
 lib/setup.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/lib/setup.c b/lib/setup.c
index 8fe3512d..40f8b8b4 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -2383,17 +2383,16 @@ int crypt_suspend(struct crypt_device *cd,
 		goto out;
 	}
 
+	key_desc = crypt_get_device_key_description(name);
+
 	r = dm_suspend_and_wipe_key(cd, name);
 	if (r == -ENOTSUP)
 		log_err(cd, _("Suspend is not supported for device %s.\n"), name);
 	else if (r)
 		log_err(cd, _("Error during suspending device %s.\n"), name);
-
-	if (!r) {
-		key_desc = crypt_get_device_key_description(name);
+	else
 		crypt_drop_keyring_key(cd, key_desc);
-		free(key_desc);
-	}
+	free(key_desc);
 out:
 	dm_backend_exit();
 	return r;