2 files changed, 15 insertions, 3 deletions

diff --git a/configure.ac b/configure.ac
index 1e9f7412c..8aad45169 100644
--- a/configure.ac
+++ b/configure.ac
@@ -413,6 +413,7 @@ AC_CHECK_HEADERS([ \
         sys/prctl.h \
         sys/pstat.h \
         sys/ptrace.h \
+        sys/random.h \
         sys/select.h \
         sys/stat.h \
         sys/stream.h \
@@ -1786,6 +1787,7 @@ AC_CHECK_FUNCS([ \
         getpgid \
         _getpty \
         getrlimit \
+        getrandom \
         getsid \
         getttyent \
         glob \
diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c
index b6256b4f8..578f69f4f 100644
--- a/openbsd-compat/arc4random.c
+++ b/openbsd-compat/arc4random.c
@@ -33,6 +33,10 @@
 #include <string.h>
 #include <unistd.h>
 
+#ifdef HAVE_SYS_RANDOM_H
+# include <sys/random.h>
+#endif
+
 #ifndef HAVE_ARC4RANDOM
 
 #ifdef WITH_OPENSSL
@@ -78,8 +82,9 @@ _rs_init(u_char *buf, size_t n)
 }
 
 #ifndef WITH_OPENSSL
-#define SSH_RANDOM_DEV "/dev/urandom"
-/* XXX use getrandom() if supported on Linux */
+# ifndef SSH_RANDOM_DEV
+#  define SSH_RANDOM_DEV "/dev/urandom"
+# endif /* SSH_RANDOM_DEV */
 static void
 getrnd(u_char *s, size_t len)
 {
@@ -87,6 +92,11 @@ getrnd(u_char *s, size_t len)
         ssize_t r;
         size_t o = 0;
 
+#ifdef HAVE_GETRANDOM
+        if ((r = getrandom(s, len, 0)) > 0 && (size_t)r == len)
+                return;
+#endif /* HAVE_GETRANDOM */
+
         if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1)
                 fatal("Couldn't open %s: %s", SSH_RANDOM_DEV, strerror(errno));
         while (o < len) {
@@ -101,7 +111,7 @@ getrnd(u_char *s, size_t len)
         }
         close(fd);
 }
-#endif
+#endif /* WITH_OPENSSL */
 
 static void
 _rs_stir(void)