diff --git a/configure.ac b/configure.ac
index 9b05cc24..5721a150 100644
--- a/configure.ac
+++ b/configure.ac
@@ -194,6 +194,7 @@ AS_IF([test "x$enable_use_openssl_functions" != "xno"], [
 AC_CHECK_LIB([crypto], [RSA_set0_key],, not_found=1)
 AC_CHECK_LIB([crypto], [RSA_set0_factors],, not_found=1)
 AC_CHECK_LIB([crypto], [RSA_set0_crt_params],, not_found=1)
+ AC_CHECK_LIB([crypto], [RSA_generate_key_ex],, not_found=1)
 AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_new],, not_found=1)
 AC_CHECK_LIB([crypto], [EVP_PKEY_assign],, not_found=1)
 AC_CHECK_LIB([crypto], [EVP_PKEY_encrypt_init],, not_found=1)
diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c
index 96af6527..dd68dc7a 100644
--- a/src/tpm2/crypto/openssl/CryptRsa.c
+++ b/src/tpm2/crypto/openssl/CryptRsa.c
@@ -1102,6 +1102,10 @@ CryptRsaGenerateKey(
 #endif
 // Make sure that key generation has been tested
 TEST(ALG_NULL_VALUE);
+#if USE_OPENSSL_FUNCTIONS_RSA // libtpms added begin
+ if (rand == NULL)
+ return OpenSSLCryptRsaGenerateKey(rsaKey, e, keySizeInBits);
+#endif // libtpms added end
 // Need to initialize the privateExponent structure
 RsaInitializeExponent(&rsaKey->privateExponent);
 // The prime is computed in P. When a new prime is found, Q is checked to
diff --git a/src/tpm2/crypto/openssl/Helpers.c b/src/tpm2/crypto/openssl/Helpers.c
index 6b0cf30f..8a332599 100644
--- a/src/tpm2/crypto/openssl/Helpers.c
+++ b/src/tpm2/crypto/openssl/Helpers.c
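Review bot: The new `rand == NULL` branch in `CryptRsaGenerateKey` needs a comment stating its security consequence: on this path the primes come from OpenSSL's random generator inside `RSA_generate_key_ex`, not from the prime search that follows in this function, while a caller-supplied `rand` keeps the existing path. Something like `// No caller-supplied RNG state: let OpenSSL generate the key; randomness then comes from OpenSSL's RAND, not from this function's prime search` above the `if` would make that explicit. The early return also skips everything from `RsaInitializeExponent` onward in this function; the body starts and ends outside the hunk, so whether any later consistency check is bypassed cannot be confirmed from here and should be verified.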
@@ -440,4 +440,56 @@ InitOpenSSLRSAPrivateKey(OBJECT *rsaKey, // IN
 return retVal;
 }
 
+LIB_EXPORT TPM_RC
+OpenSSLCryptRsaGenerateKey(
+ OBJECT *rsaKey, // IN/OUT: The object structure in which
+ // the key is created.
+ UINT32 e,
+ int keySizeInBits
+ )
+{
+ TPMT_PUBLIC *publicArea = &rsaKey->publicArea;
+ TPMT_SENSITIVE *sensitive = &rsaKey->sensitive;
+ TPM_RC retVal = TPM_RC_SUCCESS;
+ int rc;
+ RSA *rsa = NULL;
+ const BIGNUM *bnP = NULL;
+ const BIGNUM *bnN = NULL;
+ BIGNUM *bnE = BN_new();
+ BN_RSA(tmp);
+
+ if (bnE == NULL || BN_set_word(bnE, e) != 1)
+ ERROR_RETURN(TPM_RC_FAILURE);
+
+ // Need to initialize the privateExponent structure
+ RsaInitializeExponent(&rsaKey->privateExponent);
+
+ rsa = RSA_new();
+ if (rsa == NULL)
+ ERROR_RETURN(TPM_RC_FAILURE);
+
+ rc = RSA_generate_key_ex(rsa, keySizeInBits, bnE, NULL);
+ if (rc == 0)
+ ERROR_RETURN(TPM_RC_NO_RESULT);
+
+ RSA_get0_key(rsa, &bnN, NULL, NULL);
+ RSA_get0_factors(rsa, &bnP, NULL);
+
+ OsslToTpmBn(tmp, bnN);
+ BnTo2B((bigNum)tmp, &publicArea->unique.rsa.b, 0);
+
+ OsslToTpmBn(tmp, bnP);
+ BnTo2B((bigNum)tmp, &sensitive->sensitive.rsa.b, 0);
+
+ // CryptRsaGenerateKey calls ComputePrivateExponent; we have to call
+ // it via CryptRsaLoadPrivateExponent
+ retVal = CryptRsaLoadPrivateExponent(rsaKey);
+
+ Exit:
+ BN_free(bnE);
+ RSA_free(rsa);
+
+ return retVal;
+}
+
 #endif // USE_OPENSSL_FUNCTIONS_RSA
diff --git a/src/tpm2/crypto/openssl/Helpers_fp.h b/src/tpm2/crypto/openssl/Helpers_fp.h
index b5505727..f5f58595 100644
--- a/src/tpm2/crypto/openssl/Helpers_fp.h
+++ b/src/tpm2/crypto/openssl/Helpers_fp.h
@@ -93,6 +93,14 @@ BOOL OpenSSLEccGetPrivate(
 
 const char *GetDigestNameByHashAlg(const TPM_ALG_ID hashAlg);
 
+LIB_EXPORT TPM_RC
+OpenSSLCryptRsaGenerateKey(
+ OBJECT *rsaKey, // IN/OUT: The object structure in which
+ // the key is created.
+ UINT32 e,
+ int keySizeInBits
+ );
+
 LIB_EXPORT TPM_RC
 InitOpenSSLRSAPublicKey(OBJECT *key, // IN
 EVP_PKEY **pkey //OUT
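Review bot: In `OpenSSLCryptRsaGenerateKey` the results of `OsslToTpmBn` and `BnTo2B` are ignored, so a failed conversion would still let the function reach `CryptRsaLoadPrivateExponent` with stale or unset contents of `tmp` written into `publicArea->unique.rsa` or `sensitive->sensitive.rsa`. Assuming both report failure through their return value (confirm against their declarations), each call should be guarded, e.g. `if (!OsslToTpmBn(tmp, bnP)) ERROR_RETURN(TPM_RC_FAILURE);`. Separately, `tmp` still holds the prime P when the function returns; wiping the storage behind it under `Exit:` with `OPENSSL_cleanse` would keep the private factor from lingering on the stack. `e` and `keySizeInBits` are handed to OpenSSL without validation here, which is acceptable only if every caller of this `LIB_EXPORT` function has already range-checked them.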