diff --git a/basis/io/sockets/secure/openssl/openssl.factor b/basis/io/sockets/secure/openssl/openssl.factor
index 9cf28629f8..3ae50958c5 100644
--- a/basis/io/sockets/secure/openssl/openssl.factor
+++ b/basis/io/sockets/secure/openssl/openssl.factor
@@ -1,14 +1,14 @@
 ! Copyright (C) 2007, 2008, Slava Pestov, Elie CHAFTARI.
 ! See http://factorcode.org/license.txt for BSD license.
 USING: accessors alien alien.c-types alien.data alien.strings
-assocs byte-arrays classes.struct combinators destructors fry io
-io.backend io.buffers io.encodings.8-bit.latin1
+assocs byte-arrays classes.struct combinators destructors fry
+io io.binary io.backend io.buffers io.encodings.8-bit.latin1
 io.encodings.utf8 io.files io.pathnames io.ports io.sockets
 io.sockets.secure io.timeouts kernel libc
 
-locals math math.order math.parser namespaces openssl
-openssl.libcrypto openssl.libssl random sequences splitting
-unicode.case ;
+locals math math.functions math.order math.parser namespaces
+openssl openssl.libcrypto openssl.libssl random sequences
+splitting unicode.case ;
 IN: io.sockets.secure.openssl
 
 GENERIC: ssl-method ( symbol -- method )
@@ -20,6 +20,18 @@ M: TLSv1  ssl-method drop TLSv1_method ;
 
 TUPLE: openssl-context < secure-context aliens sessions ;
 
+<PRIVATE
+
+: bn-bytes-needed ( num -- bytes-required )
+    log2 1 + 8 / ceiling ;
+
+PRIVATE>
+
+: number>bn ( num -- bn )
+    dup bn-bytes-needed >be
+    dup length
+    f BN_bin2bn ; inline
+
 : set-session-cache ( ctx -- )
     handle>>
     [ SSL_SESS_CACHE_BOTH SSL_CTX_set_session_cache_mode ssl-error ]
@@ -113,9 +125,13 @@ M: rsa dispose* handle>> RSA_free ;
 
 : generate-eph-rsa-key ( ctx -- )
     [ handle>> ]
-    [
-        config>> ephemeral-key-bits>> RSA_F4 f f RSA_generate_key
-        dup ssl-error <rsa> &dispose handle>>
+    [| ctx |
+        RSA_new :> rsa-struct
+            rsa-struct
+            ctx config>> ephemeral-key-bits>>
+            RSA_F4 number>bn &BN_clear_free
+            f RSA_generate_key_ex
+        ssl-error rsa-struct <rsa> &dispose handle>>
     ] bi
     SSL_CTX_set_tmp_rsa ssl-error ;
 
diff --git a/basis/openssl/libcrypto/libcrypto.factor b/basis/openssl/libcrypto/libcrypto.factor
index 6a7bb4eaaf..fbe2e0820c 100644
--- a/basis/openssl/libcrypto/libcrypto.factor
+++ b/basis/openssl/libcrypto/libcrypto.factor
@@ -5,8 +5,8 @@
 !
 ! export LD_LIBRARY_PATH=/opt/local/lib
 
-USING: alien alien.c-types alien.libraries alien.syntax
-classes.struct combinators system ;
+USING: alien alien.c-types alien.destructors alien.libraries
+alien.syntax classes.struct combinators system ;
 
 IN: openssl.libcrypto
 
@@ -180,8 +180,9 @@ FUNCTION: void* PEM_read_bio_DHparams ( void* bp, void* x, void* cb,
 ! rsa.h
 ! ===============================================
 
-FUNCTION: void* RSA_generate_key ( int num, ulong e, void* callback,
-                                   void* cb_arg )
+FUNCTION: void* RSA_new ( )
+
+FUNCTION: int RSA_generate_key_ex ( void* rsa int bits, void* e, void* cb )
 
 FUNCTION: int RSA_check_key ( void* rsa )
 
@@ -206,6 +207,7 @@ FUNCTION: void* BN_bin2bn ( void* s, int len, void* ret )
 FUNCTION: int BN_bn2bin ( void* a, void* to )
 
 FUNCTION: void BN_clear_free ( void* a )
+DESTRUCTOR: BN_clear_free
 
 ! ===============================================
 ! ec.h