From 8b707e8bfcbfd073579ee553b982b4784490f5ea Mon Sep 17 00:00:00 2001

From: Daniel Kopecek <dkopecek@redhat.com>

Date: Wed, 5 Dec 2018 13:18:59 +0100

Subject: [PATCH] clevis-encrypt-tang: check key derivation key is available

 before encryption

---

 src/pins/tang/clevis-encrypt-tang | 6 +++++-

 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/pins/tang/clevis-encrypt-tang b/src/pins/tang/clevis-encrypt-tang

index e65a7d1..7fc55ca 100755

--- a/src/pins/tang/clevis-encrypt-tang

+++ b/src/pins/tang/clevis-encrypt-tang

@@ -114,7 +114,11 @@ elif [ "$thp" != "any" ] && \

 fi

 ### Perform encryption

-enc=`jose jwk use -i- -r -u deriveKey -o- <<< "$jwks"`

+if ! enc=`jose jwk use -i- -r -u deriveKey -o- <<< "$jwks"`; then

+    echo "Key derivation key not available!" >&2

+    exit 1

+fi

+

 jose fmt -j "$enc" -Og keys -A || enc="{\"keys\":[$enc]}"

 for jwk in `jose fmt -j- -Og keys -Af- <<< "$enc"`; do

-- 

2.13.6