diff --git a/openssh-7.7p1-fips-warning.patch b/openssh-7.7p1-fips-warning.patch
new file mode 100644
index 0000000..54720cf
--- /dev/null
+++ b/openssh-7.7p1-fips-warning.patch
@@ -0,0 +1,12 @@
+diff -up openssh-8.6p1/sshkey.c.fips openssh-8.6p1/sshkey.c
+--- openssh-8.6p1/sshkey.c.fips	2021-05-06 12:08:36.493926838 +0200
++++ openssh-8.6p1/sshkey.c	2021-05-06 12:08:36.502926908 +0200
+@@ -1705,6 +1707,8 @@ rsa_generate_private_key(u_int bits, RSA
+		goto out;
+
+	if (EVP_PKEY_keygen(ctx, &res) <= 0) {
++		if (FIPS_mode())
++			logit_f("the key length might be unsupported by FIPS mode approved key generation method");
+ 		ret = SSH_ERR_LIBCRYPTO_ERROR;
+ 		goto out;
+ 	}
diff --git a/openssh-7.7p1-fips.patch b/openssh-7.7p1-fips.patch
index 1466b40..8530336 100644
--- a/openssh-7.7p1-fips.patch
+++ b/openssh-7.7p1-fips.patch
@@ -447,15 +447,6 @@ diff -up openssh-8.6p1/sshkey.c.fips openssh-8.6p1/sshkey.c
  	/* Fill in ret from parsed key */
  	ret->type = type;
  	if (sshkey_is_cert(ret)) {
-@@ -1705,6 +1707,8 @@ rsa_generate_private_key(u_int bits, RSA
-		goto out;
-
-	if (EVP_PKEY_keygen(ctx, &res) <= 0) {
-+		if (FIPS_mode())
-+			logit_f("the key length might be unsupported by FIPS mode approved key generation method");
- 		ret = SSH_ERR_LIBCRYPTO_ERROR;
- 		goto out;
- 	}
 @@ -2916,6 +2916,11 @@ sshkey_sign(struct sshkey *key,
  		break;
  	case KEY_ED25519_SK:
diff --git a/openssh.spec b/openssh.spec
index 4353618..8a66c22 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -52,7 +52,7 @@
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.7p1
 %global openssh_rel 19
-%global hyperscale_rel 1
+%global hyperscale_rel 2
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 5
 
@@ -254,6 +254,9 @@ Patch1005: openssh-8.7p1-host-based-auth.patch
 # https://github.com/openssh/openssh-portable/pull/323
 Patch1006: openssh-8.7p1-negotiate-supported-algs.patch
 
+# c9s specific logic factored out of openssh-7.7p1-fips.patch
+Patch2000: openssh-7.7p1-fips-warning.patch
+
 License: BSD
 Requires: /sbin/nologin
 
@@ -443,9 +446,10 @@ popd
 
 %patch200 -p1 -b .audit
 %patch201 -p1 -b .audit-race
+%patch700 -p1 -b .fips
 %if 0%{?rhel} > 8
 # This patch is based onto evpgenrsa and doesn't apply cleanly without it
-%patch700 -p1 -b .fips
+%patch2000 -p1 -b .fips-warning
 %endif
 
 %patch1000 -p1 -b .minimize-sha1-use
@@ -735,6 +739,9 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
+* Wed Jul 20 2022 Davide Cavalca <dcavalca@centosproject.org> - 8.7p1-19.2 + 0.10.4-5.2
+- Refactor and reinstate FIPS patch for el8
+
 * Wed Jul 20 2022 Davide Cavalca <dcavalca@centosproject.org> - 8.7p1-19.1 + 0.10.4-5.1
 - Make it build on el8 as well for Hyperscale