diff --git a/lib/dns/dst_openssl.h b/lib/dns/dst_openssl.h
index 188e72cd16..4380d36364 100644
--- a/lib/dns/dst_openssl.h
+++ b/lib/dns/dst_openssl.h
@@ -45,4 +45,7 @@ isc_result_t
 dst__openssl_fromlabel(int key_base_id, const char *engine, const char *label,
 const char *pin, EVP_PKEY **ppub, EVP_PKEY **ppriv);
 
+bool
+dst__openssl_compare_keypair(const dst_key_t *key1, const dst_key_t *key2);
+
 ISC_LANG_ENDDECLS
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index f23f86443e..c10a978cef 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -353,4 +353,28 @@ dst__openssl_fromlabel(int key_base_id, const char *engine, const char *label,
 ppub, ppriv));
 }
 
+bool
+dst__openssl_compare_keypair(const dst_key_t *key1, const dst_key_t *key2) {
+ EVP_PKEY *pkey1 = key1->keydata.pkeypair.pub;
+ EVP_PKEY *pkey2 = key2->keydata.pkeypair.pub;
+
+ if (pkey1 == NULL && pkey2 == NULL) {
+ return (true);
+ } else if (pkey1 == NULL || pkey2 == NULL) {
+ return (false);
+ }
+
+ /* `EVP_PKEY_eq` checks only the public components and parameters. */
+ if (EVP_PKEY_eq(pkey1, pkey2) != 1) {
+ return (false);
+ }
+ /* The private key presence must be same for keys to match. */
+ if ((key1->keydata.pkeypair.priv != NULL) !=
+ (key2->keydata.pkeypair.priv != NULL))
+ {
+ return (false);
+ }
+ return (true);
+}
+
 /*! \file */
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index efef7fe14a..2d657993f7 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
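Review bot: The new declaration of `dst__openssl_compare_keypair` in lib/dns/dst_openssl.h carries no contract comment, and the name suggests a stronger check than the body in openssl_link.c performs. I would add above it: `/*% True if both public keys are NULL, or EVP_PKEY_eq() reports them equal and both keys agree on whether a private key is present; private key material is not compared. */`. The helper reads `keydata.pkeypair` directly, so the comment should also state that both keys must belong to an algorithm that stores its key there. That precondition was implicit while the function was private to opensslrsa_link.c and now has to be kept by every caller.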
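Review bot: `EVP_PKEY_eq()` in `dst__openssl_compare_keypair` (lib/dns/openssl_link.c) is an OpenSSL 3.0 function, while the `#if OPENSSL_VERSION_NUMBER < 0x30000000L` branch visible in opensslrsa_link.c shows that older releases are still built. The include list of openssl_link.c is outside this hunk, so please confirm it sees the same compatibility definition that opensslrsa_link.c relied on. The `!= 1` test also folds OpenSSL's negative results (different key types, comparison not supported) into "not equal". That is the safe direction, but the existing comment should say so, for example `/* Anything other than 1, including OpenSSL's negative error results, is treated as a mismatch. */`.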
@@ -343,30 +343,6 @@ opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
 return (opensslrsa_verify2(dctx, 0, sig));
 }
 
-static bool
-opensslrsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
- EVP_PKEY *pkey1 = key1->keydata.pkeypair.pub;
- EVP_PKEY *pkey2 = key2->keydata.pkeypair.pub;
-
- if (pkey1 == NULL && pkey2 == NULL) {
- return (true);
- } else if (pkey1 == NULL || pkey2 == NULL) {
- return (false);
- }
-
- /* `EVP_PKEY_eq` checks only the public components and parameters. */
- if (EVP_PKEY_eq(pkey1, pkey2) != 1) {
- return (false);
- }
- /* The private key presence must be same for keys to match. */
- if ((key1->keydata.pkeypair.priv != NULL) !=
- (key2->keydata.pkeypair.priv != NULL))
- {
- return (false);
- }
- return (true);
-}
-
 #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
 static int
 progress_cb(int p, int n, BN_GENCB *cb) {
@@ -1139,7 +1115,7 @@ static dst_func_t opensslrsa_functions = {
 opensslrsa_verify,
 opensslrsa_verify2,
 NULL, /*%< computesecret */
-opensslrsa_compare,
+dst__openssl_compare_keypair,
 NULL, /*%< paramcompare */
 opensslrsa_generate,
 opensslrsa_isprivate,