This is completely mechanical, but a second set of eyes won't hurt. It won't build on -current since the API will only be exposed in the next bump.
Index: auxil.c =================================================================== RCS file: /cvs/src/lib/libkeynote/auxil.c,v retrieving revision 1.11 diff -u -p -r1.11 auxil.c --- auxil.c 14 Dec 2015 03:35:40 -0000 1.11 +++ auxil.c 11 Jan 2022 12:07:17 -0000 @@ -53,22 +53,22 @@ keynote_keyhash(void *key, int alg) { case KEYNOTE_ALGORITHM_DSA: dsa = (DSA *) key; - res += BN_mod_word(dsa->p, HASHTABLESIZE); - res += BN_mod_word(dsa->q, HASHTABLESIZE); - res += BN_mod_word(dsa->g, HASHTABLESIZE); - res += BN_mod_word(dsa->pub_key, HASHTABLESIZE); + res += BN_mod_word(DSA_get0_p(dsa), HASHTABLESIZE); + res += BN_mod_word(DSA_get0_q(dsa), HASHTABLESIZE); + res += BN_mod_word(DSA_get0_g(dsa), HASHTABLESIZE); + res += BN_mod_word(DSA_get0_pub_key(dsa), HASHTABLESIZE); return res % HASHTABLESIZE; case KEYNOTE_ALGORITHM_RSA: rsa = (RSA *) key; - res += BN_mod_word(rsa->n, HASHTABLESIZE); - res += BN_mod_word(rsa->e, HASHTABLESIZE); + res += BN_mod_word(RSA_get0_n(rsa), HASHTABLESIZE); + res += BN_mod_word(RSA_get0_e(rsa), HASHTABLESIZE); return res % HASHTABLESIZE; case KEYNOTE_ALGORITHM_X509: /* RSA-specific */ rsa = (RSA *) key; - res += BN_mod_word(rsa->n, HASHTABLESIZE); - res += BN_mod_word(rsa->e, HASHTABLESIZE); + res += BN_mod_word(RSA_get0_n(rsa), HASHTABLESIZE); + res += BN_mod_word(RSA_get0_e(rsa), HASHTABLESIZE); return res % HASHTABLESIZE; case KEYNOTE_ALGORITHM_BINARY: Index: signature.c =================================================================== RCS file: /cvs/src/lib/libkeynote/signature.c,v retrieving revision 1.27 diff -u -p -r1.27 signature.c --- signature.c 24 Nov 2021 04:32:52 -0000 1.27 +++ signature.c 11 Jan 2022 12:07:17 -0000 @@ -588,10 +588,10 @@ kn_keycompare(void *key1, void *key2, in case KEYNOTE_ALGORITHM_DSA: p1 = (DSA *) key1; p2 = (DSA *) key2; - if (!BN_cmp(p1->p, p2->p) && - !BN_cmp(p1->q, p2->q) && - !BN_cmp(p1->g, p2->g) && - !BN_cmp(p1->pub_key, p2->pub_key)) + if (!BN_cmp(DSA_get0_p(p1), DSA_get0_p(p2)) && + !BN_cmp(DSA_get0_q(p1), DSA_get0_q(p2)) && + !BN_cmp(DSA_get0_g(p1), DSA_get0_g(p2)) && + !BN_cmp(DSA_get0_pub_key(p1), DSA_get0_pub_key(p2))) return RESULT_TRUE; else return RESULT_FALSE; @@ -599,8 +599,8 @@ kn_keycompare(void *key1, void *key2, in case KEYNOTE_ALGORITHM_X509: p3 = (RSA *) key1; p4 = (RSA *) key2; - if (!BN_cmp(p3->n, p4->n) && - !BN_cmp(p3->e, p4->e)) + if (!BN_cmp(RSA_get0_n(p3), RSA_get0_n(p4)) && + !BN_cmp(RSA_get0_e(p3), RSA_get0_e(p4))) return RESULT_TRUE; else return RESULT_FALSE; @@ -608,8 +608,8 @@ kn_keycompare(void *key1, void *key2, in case KEYNOTE_ALGORITHM_RSA: p3 = (RSA *) key1; p4 = (RSA *) key2; - if (!BN_cmp(p3->n, p4->n) && - !BN_cmp(p3->e, p4->e)) + if (!BN_cmp(RSA_get0_n(p3), RSA_get0_n(p4)) && + !BN_cmp(RSA_get0_e(p3), RSA_get0_e(p4))) return RESULT_TRUE; else return RESULT_FALSE;