3009ed
diff --git a/entropy.c b/entropy.c
3009ed
index 2d483b3..b361a04 100644
3009ed
--- a/entropy.c
3009ed
+++ b/entropy.c
3009ed
@@ -234,6 +234,9 @@ seed_rng(void)
3009ed
 	}
3009ed
 #endif /* OPENSSL_PRNG_ONLY */
3009ed
 
3009ed
+#ifdef __linux__
3009ed
+	linux_seed();
3009ed
+#endif /* __linux__ */
3009ed
 	if (RAND_status() != 1)
3009ed
 		fatal("PRNG is not seeded");
3009ed
 
3009ed
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
3009ed
index b912dbe..9206337 100644
3009ed
--- a/openbsd-compat/Makefile.in
3009ed
+++ b/openbsd-compat/Makefile.in
3009ed
@@ -20,6 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o di
3009ed
 	port-solaris.o \
3009ed
 	port-net.o \
3009ed
 	port-uw.o \
3009ed
+	port-linux-prng.o \
3009ed
 	port-linux-sshd.o
3009ed
 
3009ed
 .c.o:
3009ed
diff -up openssh-7.4p1/openbsd-compat/port-linux.h.entropy openssh-7.4p1/openbsd-compat/port-linux.h
3009ed
--- openssh-7.4p1/openbsd-compat/port-linux.h.entropy	2016-12-23 18:34:27.747753563 +0100
3009ed
+++ openssh-7.4p1/openbsd-compat/port-linux.h	2016-12-23 18:34:27.769753570 +0100
3009ed
@@ -34,4 +34,6 @@ void oom_adjust_restore(void);
3009ed
 void oom_adjust_setup(void);
3009ed
 #endif
3009ed
 
3009ed
+void linux_seed(void);
3009ed
+
3009ed
 #endif /* ! _PORT_LINUX_H */
3009ed
diff --git a/openbsd-compat/port-linux-prng.c b/openbsd-compat/port-linux-prng.c
3009ed
new file mode 100644
3009ed
index 0000000..92a617c
3009ed
--- /dev/null
3009ed
+++ b/openbsd-compat/port-linux-prng.c
3009ed
@@ -0,0 +1,78 @@
3009ed
+/*
3009ed
+ * Copyright (c) 2011 - 2020 Red Hat, Inc.
3009ed
+ *
3009ed
+ * Authors:
3009ed
+ *  Jan F. Chadima <jchadima@redhat.com>
3009ed
+ *  Jakub Jelen <jjelen@redhat.com>
3009ed
+ *
3009ed
+ * Permission to use, copy, modify, and distribute this software for any
3009ed
+ * purpose with or without fee is hereby granted, provided that the above
3009ed
+ * copyright notice and this permission notice appear in all copies.
3009ed
+ *
3009ed
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
3009ed
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
3009ed
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
3009ed
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
3009ed
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
3009ed
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
3009ed
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
3009ed
+ */
3009ed
+
3009ed
+/*
3009ed
+ * Linux-specific portability code - prng support
3009ed
+ */
3009ed
+
3009ed
+#include "includes.h"
3009ed
+
3009ed
+#include <errno.h>
3009ed
+#include <string.h>
3009ed
+#include <openssl/rand.h>
3009ed
+#include <sys/random.h>
3009ed
+
3009ed
+#include "log.h"
3009ed
+
3009ed
+void
3009ed
+linux_seed(void)
3009ed
+{
3009ed
+	char *env = NULL;
3009ed
+	size_t randlen = 14, left;
3009ed
+	unsigned int flags = 0;
3009ed
+	unsigned char buf[256], *p;
3009ed
+
3009ed
+	env = getenv("SSH_USE_STRONG_RNG");
3009ed
+	if (env && strcmp(env, "0") != 0) {
3009ed
+		size_t ienv = atoi(env);
3009ed
+
3009ed
+		/* Max on buffer length */
3009ed
+		if (ienv > sizeof(buf))
3009ed
+			ienv = sizeof(buf);
3009ed
+		/* Minimum is always 14 B */
3009ed
+		if (ienv > randlen)
3009ed
+			randlen = ienv;
3009ed
+		flags = GRND_RANDOM;
3009ed
+	}
3009ed
+
3009ed
+	errno = 0;
3009ed
+	left = randlen;
3009ed
+	p = buf;
3009ed
+	do {
3009ed
+		ssize_t len = getrandom(p, left, flags);
3009ed
+		if (len == -1) {
3009ed
+			if (errno != EINTR) {
3009ed
+				if (flags) {
3009ed
+					/* With the variable present, this is fatal error */
3009ed
+					fatal("Failed to seed from getrandom: %s", strerror(errno));
3009ed
+				} else {
3009ed
+					/* Otherwise we log the issue drop out from here */
3009ed
+					debug("Failed to seed from getrandom: %s", strerror(errno));
3009ed
+					return;
3009ed
+				}
3009ed
+			}
3009ed
+		} else if (len > 0) {
3009ed
+			left -= len;
3009ed
+			p += len;
3009ed
+		}
3009ed
+	} while (left > 0);
3009ed
+
3009ed
+	RAND_seed(buf, randlen);
3009ed
+}
3009ed
diff --git a/ssh-add.1 b/ssh-add.1
3009ed
index 4812448..16305bf 100644
3009ed
--- a/ssh-add.1
3009ed
+++ b/ssh-add.1
3009ed
@@ -161,6 +161,22 @@ to make this work.)
3009ed
 Identifies the path of a
3009ed
 .Ux Ns -domain
3009ed
 socket used to communicate with the agent.
3009ed
+.It Ev SSH_USE_STRONG_RNG
3009ed
+The reseeding of the OpenSSL random generator is usually done from
3009ed
+.Cm getrandom(1)
3009ed
+without any specific flags.
3009ed
+If the
3009ed
+.Cm SSH_USE_STRONG_RNG
3009ed
+environment variable is set to value other than
3009ed
+.Cm 0
3009ed
+the OpenSSL random generator is reseeded from
3009ed
+.Cm getrandom(1)
3009ed
+with GRND_RANDOM flag specified.
3009ed
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
3009ed
+Minimum is 14 bytes.
3009ed
+This setting is not recommended on the computers without the hardware
3009ed
+random generator because insufficient entropy causes the connection to
3009ed
+be blocked until enough entropy is available.
3009ed
 .El
3009ed
 .Sh FILES
3009ed
 .Bl -tag -width Ds
3009ed
diff --git a/ssh-agent.1 b/ssh-agent.1
3009ed
index 281ecbd..1a9a635 100644
3009ed
--- a/ssh-agent.1
3009ed
+++ b/ssh-agent.1
3009ed
@@ -201,6 +201,26 @@ sockets used to contain the connection to the authentication agent.
3009ed
 These sockets should only be readable by the owner.
3009ed
 The sockets should get automatically removed when the agent exits.
3009ed
 .El
3009ed
+.Sh ENVIRONMENT
3009ed
+.Bl -tag -width Ds -compact
3009ed
+.Pp
3009ed
+.It Pa SSH_USE_STRONG_RNG
3009ed
+The reseeding of the OpenSSL random generator is usually done from
3009ed
+.Cm getrandom(1)
3009ed
+without any specific flags.
3009ed
+If the
3009ed
+.Cm SSH_USE_STRONG_RNG
3009ed
+environment variable is set to value other than
3009ed
+.Cm 0
3009ed
+the OpenSSL random generator is reseeded from
3009ed
+.Cm getrandom(1)
3009ed
+with GRND_RANDOM flag specified.
3009ed
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
3009ed
+Minimum is 14 bytes.
3009ed
+This setting is not recommended on the computers without the hardware
3009ed
+random generator because insufficient entropy causes the connection to
3009ed
+be blocked until enough entropy is available.
3009ed
+.El
3009ed
 .Sh SEE ALSO
3009ed
 .Xr ssh 1 ,
3009ed
 .Xr ssh-add 1 ,
3009ed
diff --git a/ssh-keygen.1 b/ssh-keygen.1
3009ed
index 12e00d4..1b51a4a 100644
3009ed
--- a/ssh-keygen.1
3009ed
+++ b/ssh-keygen.1
3009ed
@@ -832,6 +832,26 @@ Contains Diffie-Hellman groups used for DH-GEX.
3009ed
 The file format is described in
3009ed
 .Xr moduli 5 .
3009ed
 .El
3009ed
+.Sh ENVIRONMENT
3009ed
+.Bl -tag -width Ds -compact
3009ed
+.Pp
3009ed
+.It Pa SSH_USE_STRONG_RNG
3009ed
+The reseeding of the OpenSSL random generator is usually done from
3009ed
+.Cm getrandom(1)
3009ed
+without any specific flags.
3009ed
+If the
3009ed
+.Cm SSH_USE_STRONG_RNG
3009ed
+environment variable is set to value other than
3009ed
+.Cm 0
3009ed
+the OpenSSL random generator is reseeded from
3009ed
+.Cm getrandom(1)
3009ed
+with GRND_RANDOM flag specified.
3009ed
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
3009ed
+Minimum is 14 bytes.
3009ed
+This setting is not recommended on the computers without the hardware
3009ed
+random generator because insufficient entropy causes the connection to
3009ed
+be blocked until enough entropy is available.
3009ed
+.El
3009ed
 .Sh SEE ALSO
3009ed
 .Xr ssh 1 ,
3009ed
 .Xr ssh-add 1 ,
3009ed
diff --git a/ssh-keysign.8 b/ssh-keysign.8
3009ed
index 69d0829..02d79f8 100644
3009ed
--- a/ssh-keysign.8
3009ed
+++ b/ssh-keysign.8
3009ed
@@ -80,6 +80,26 @@ must be set-uid root if host-based authentication is used.
3009ed
 If these files exist they are assumed to contain public certificate
3009ed
 information corresponding with the private keys above.
3009ed
 .El
3009ed
+.Sh ENVIRONMENT
3009ed
+.Bl -tag -width Ds -compact
3009ed
+.Pp
3009ed
+.It Pa SSH_USE_STRONG_RNG
3009ed
+The reseeding of the OpenSSL random generator is usually done from
3009ed
+.Cm getrandom(1)
3009ed
+without any specific flags.
3009ed
+If the
3009ed
+.Cm SSH_USE_STRONG_RNG
3009ed
+environment variable is set to value other than
3009ed
+.Cm 0
3009ed
+the OpenSSL random generator is reseeded from
3009ed
+.Cm getrandom(1)
3009ed
+with GRND_RANDOM flag specified.
3009ed
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
3009ed
+Minimum is 14 bytes.
3009ed
+This setting is not recommended on the computers without the hardware
3009ed
+random generator because insufficient entropy causes the connection to
3009ed
+be blocked until enough entropy is available.
3009ed
+.El
3009ed
 .Sh SEE ALSO
3009ed
 .Xr ssh 1 ,
3009ed
 .Xr ssh-keygen 1 ,
3009ed
diff --git a/ssh.1 b/ssh.1
3009ed
index 929904b..f65e42f 100644
3009ed
--- a/ssh.1
3009ed
+++ b/ssh.1
3009ed
@@ -1309,6 +1309,25 @@ For more information, see the
3009ed
 .Cm PermitUserEnvironment
3009ed
 option in
3009ed
 .Xr sshd_config 5 .
3009ed
+.Bl -tag -width "SSH_ORIGINAL_COMMAND"
3009ed
+.Pp
3009ed
+.It Ev SSH_USE_STRONG_RNG
3009ed
+The reseeding of the OpenSSL random generator is usually done from
3009ed
+.Cm getrandom(1)
3009ed
+without any specific flags.
3009ed
+If the
3009ed
+.Cm SSH_USE_STRONG_RNG
3009ed
+environment variable is set to value other than
3009ed
+.Cm 0
3009ed
+the OpenSSL random generator is reseeded from
3009ed
+.Cm getrandom(1)
3009ed
+with GRND_RANDOM flag specified.
3009ed
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
3009ed
+Minimum is 14 bytes.
3009ed
+This setting is not recommended on the computers without the hardware
3009ed
+random generator because insufficient entropy causes the connection to
3009ed
+be blocked until enough entropy is available.
3009ed
+.El
3009ed
 .Sh FILES
3009ed
 .Bl -tag -width Ds -compact
3009ed
 .It Pa ~/.rhosts
3009ed
diff --git a/sshd.8 b/sshd.8
3009ed
index c2c237f..058d37a 100644
3009ed
--- a/sshd.8
3009ed
+++ b/sshd.8
3009ed
@@ -951,6 +951,26 @@ concurrently for different ports, this contains the process ID of the one
3009ed
 started last).
3009ed
 The content of this file is not sensitive; it can be world-readable.
3009ed
 .El
3009ed
+.Sh ENVIRONMENT
3009ed
+.Bl -tag -width Ds -compact
3009ed
+.Pp
3009ed
+.It Ev SSH_USE_STRONG_RNG
3009ed
+The reseeding of the OpenSSL random generator is usually done from
3009ed
+.Cm getrandom(1)
3009ed
+without any specific flags.
3009ed
+If the
3009ed
+.Cm SSH_USE_STRONG_RNG
3009ed
+environment variable is set to value other than
3009ed
+.Cm 0
3009ed
+the OpenSSL random generator is reseeded from
3009ed
+.Cm getrandom(1)
3009ed
+with GRND_RANDOM flag specified.
3009ed
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
3009ed
+Minimum is 14 bytes.
3009ed
+This setting is not recommended on the computers without the hardware
3009ed
+random generator because insufficient entropy causes the connection to
3009ed
+be blocked until enough entropy is available.
3009ed
+.El
3009ed
 .Sh IPV6
3009ed
 IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
3009ed
 .Sh SEE ALSO
3009ed