diff --git a/crypto/fipsmodule/rsa/rsa_impl.c b/crypto/fipsmodule/rsa/rsa_impl.c
index 25ec3ae66d5..3922ba4afed 100644
--- a/crypto/fipsmodule/rsa/rsa_impl.c
+++ b/crypto/fipsmodule/rsa/rsa_impl.c
@@ -1257,7 +1257,7 @@ int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb) {
 // integer and greater than or equal to 2048 bits. Furthermore, this standard
 // specifies that p and q be of the same bit length – namely, half the bit
 // length of n
- if (bits < 2048 || bits % 2 != 0) {
+ if (bits < 2048 || bits % 128 != 0) {
 OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_RSA_PARAMETERS);
 return 0;
 }
diff --git a/crypto/fipsmodule/service_indicator/service_indicator.c b/crypto/fipsmodule/service_indicator/service_indicator.c
index 928fbb25a1d..02dbe48546f 100644
--- a/crypto/fipsmodule/service_indicator/service_indicator.c
+++ b/crypto/fipsmodule/service_indicator/service_indicator.c
@@ -298,9 +298,10 @@ void ECDH_verify_service_indicator(const EC_KEY *ec_key) {
 void EVP_PKEY_keygen_verify_service_indicator(const EVP_PKEY *pkey) {
 if (pkey->type == EVP_PKEY_RSA || pkey->type == EVP_PKEY_RSA_PSS) {
 // The approved RSA key sizes for signing are key sizes >= 2048 bits and
- // bits % 2 == 0.
+ // bits % 2 == 0, though we check bits % 128 == 0 for consistency with
+ // our RSA key generation.
 size_t n_bits = RSA_bits(pkey->pkey.rsa);
- if (n_bits >= 2048 && n_bits % 2 == 0) {
+ if (n_bits >= 2048 && n_bits % 128 == 0) {
 FIPS_service_indicator_update_state();
 }
 } else if (pkey->type == EVP_PKEY_EC) {
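Review bot: The visible part of the comment above the changed check in RSA_generate_key_fips still justifies only the standard's rule (an integer size of at least 2048 bits, p and q of equal length), so nothing at this site explains why `bits % 128 != 0` is now rejected. A line such as `// The standard only needs an even size; we also require a multiple of 128 to match the sizes our RSA key generation produces.` would close that gap. This is also a caller-visible tightening: a request that is even but not a multiple of 128 used to pass this check and now fails with RSA_R_BAD_RSA_PARAMETERS, so the function's header documentation, which is not in this diff, should state the new constraint. The function body starts and continues outside the hunk.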
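Review bot: The size rule now exists as bare literals (`2048`, `128`) both in EVP_PKEY_keygen_verify_service_indicator and in RSA_generate_key_fips in rsa_impl.c, so the consistency this change aims for holds only until one site is edited alone. A shared constant or small predicate used by both files would keep the generator and the indicator in step. The stricter test also means an approved-size key that is not a multiple of 128 leaves the indicator unset; that errs in the safe direction, and the comment could say so, e.g. `// Deliberately stricter than the standard: such keys are reported as not approved.` The function continues past the end of the hunk.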