Would it be feasible to change code that does ->pub_key to call a function that null checks the field and generates the public key if it is absent?

Pauli
--
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations
Phone +61 7 3031 7217
Oracle Australia

> On 7 Oct 2020, at 9:29 pm, Matt Caswell <m...@openssl.org> wrote:
>
> Issue #12612 exposes a problem with how we handle keys that contain
> private components but not public components.
>
> There is a widespread assumption in the code that keys with private
> components must have public components. There is text in our public
> documentation that states this (and that text dates back to 2006).
>
> OTOH, the code has not always enforced this. Issue #12612 describes a
> scenario where this has not historically been enforced, and it now is in
> the current 3.0 code causing a regression.
>
> There are differences of opinion on how this should be handled. Some
> have the opinion that we should change the model so that we explicitly
> allow private keys to exist without the public components. Others feel
> that we should continue with the old model.
>
> It seems we need a vote to decide this. Here is my proposed vote text:
>
> We should change the 3.0 code to explicitly allow private components to
> exist in keys without the public components also being present.
>
> Feedback please on the proposed vote text.
>
> Matt