Instead of trying to enforce one pkey to contain both a private and a public key pair, refactor the code to have separate public and private pkeys. This is a prerequisite for proper openssl 3.0 providers support and greatly simplifies the code.
74361b0b6e