From 2e662c6f978b7aa3d4b5273ac48aa92a4ec89c58 Mon Sep 17 00:00:00 2001
From: Jethro Beekman
Date: Wed, 3 May 2023 12:56:54 +0200
Subject: [PATCH] Add comment about version 1 PKCS8 keys not containing a public key
Signed-off-by: Jethro Beekman
---
 library/pkparse.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/library/pkparse.c b/library/pkparse.c
index 617e4fdd9..ade8a04ca 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -590,6 +590,9 @@ static int pk_parse_key_rfc8410_der(mbedtls_ecp_keypair *eck,
 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
 }
 
+ // pk_parse_key_pkcs8_unencrypted_der() only supports version 1 PKCS8 keys,
+ // which never contain a public key. As such, derive the public key
+ // unconditionally.
 if ((ret = pk_derive_public_key(eck, key, len, f_rng, p_rng)) != 0) {
 mbedtls_ecp_keypair_free(eck);
 return ret;
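Review bot: The phrase "version 1 PKCS8 keys" in the comment added above the `pk_derive_public_key()` call is easy to misread, because in the PKCS#8 ASN.1 the v1 structure carries the integer 0, while the value 1 marks the v2 form (RFC 5958 OneAsymmetricKey), which is the one that may carry a public key. I would spell it out, for example `// pk_parse_key_pkcs8_unencrypted_der() only accepts PKCS#8 v1 (version field 0),`. The comment also relies on a check that lives in another function and is not visible in this hunk. It should therefore say that if that parser ever accepts v2, the embedded public key has to be parsed and compared with the derived one, not ignored, e.g. `// If v2 is ever accepted there, check the embedded public key here.`. The body of `pk_parse_key_rfc8410_der()` starts and ends outside the hunk.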