From 8b707e8bfcbfd073579ee553b982b4784490f5ea Mon Sep 17 00:00:00 2001
From: Daniel Kopecek <dkopecek@redhat.com>
Date: Wed, 5 Dec 2018 13:18:59 +0100
Subject: [PATCH] clevis-encrypt-tang: check key derivation key is available
 before encryption

---
 src/pins/tang/clevis-encrypt-tang | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/pins/tang/clevis-encrypt-tang b/src/pins/tang/clevis-encrypt-tang
index e65a7d1..7fc55ca 100755
--- a/src/pins/tang/clevis-encrypt-tang
+++ b/src/pins/tang/clevis-encrypt-tang
@@ -114,7 +114,11 @@ elif [ "$thp" != "any" ] && \
 fi
 
 ### Perform encryption
-enc=`jose jwk use -i- -r -u deriveKey -o- <<< "$jwks"`
+if ! enc=`jose jwk use -i- -r -u deriveKey -o- <<< "$jwks"`; then
+    echo "Key derivation key not available!" >&2
+    exit 1
+fi
+
 jose fmt -j "$enc" -Og keys -A || enc="{\"keys\":[$enc]}"
 
 for jwk in `jose fmt -j- -Og keys -Af- <<< "$enc"`; do
-- 
2.13.6