Correctly erase opal lr when luksFormat action fails.

src/cryptsetup.c

@@ -1420,7 +1420,8 @@ static int strcmp_or_null(const char *str, const char *expected)
 
 int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_passwordLen)
 {
-	int r = -EINVAL, keysize, integrity_keysize = 0, fd, created = 0;
+	bool wipe_signatures = false;
+	int encrypt_type, r = -EINVAL, keysize, integrity_keysize = 0, fd, created = 0;
 	struct stat st;
 	const char *header_device, *type;
 	char *msg = NULL, *key = NULL, *password = NULL;
@@ -1629,7 +1630,7 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password
 					    key, keysize,
 					    password, passwordLen);
 	if (r < 0) {
-		(void) tools_wipe_all_signatures(header_device, true, false);
+		wipe_signatures = true;
 		goto out;
 	}
 	tools_keyslot_msg(r, CREATED);
@@ -1638,17 +1639,31 @@ int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_password
 	    strcmp_or_null(params2.integrity, "none"))
 		r = _wipe_data_device(cd);
 out:
+	crypt_safe_free(key);
+
+	if (r < 0) {
+		encrypt_type = crypt_get_hw_encryption_type(cd);
+		if (encrypt_type == CRYPT_OPAL_HW_ONLY ||
+		    encrypt_type == CRYPT_SW_AND_OPAL_HW) {
+			(void) crypt_wipe_hw_opal(cd, CRYPT_LUKS2_SEGMENT,
+				opal_params.admin_key, opal_params.admin_key_size,
+				0);
+		}
+		if (wipe_signatures)
+			(void) tools_wipe_all_signatures(header_device, true, false);
+	}
+
+	crypt_safe_free(CONST_CAST(void *)opal_params.admin_key);
+
 	if (r >= 0 && r_cd && r_password && r_passwordLen) {
 		*r_cd = cd;
 		*r_password = password;
 		*r_passwordLen = passwordLen;
-	} else {
-		crypt_free(cd);
-		crypt_safe_free(password);
+		return r;
 	}
 
-	crypt_safe_free(key);
-	crypt_safe_free(CONST_CAST(void *)opal_params.admin_key);
+	crypt_free(cd);
+	crypt_safe_free(password);
 
 	return r;
 }