diff --git a/lib/util/getentropy.c b/lib/util/getentropy.c
index 3a649b62c..3e3d128eb 100644
--- a/lib/util/getentropy.c
+++ b/lib/util/getentropy.c
@@ -64,6 +64,9 @@
 #ifdef HAVE_DL_ITERATE_PHDR
 # include <link.h>
 #endif
+#ifdef HAVE_OPENSSL
+# include <openssl/rand.h>
+#endif
 
 #include "sudo_compat.h"
 #include "sudo_digest.h"
@@ -130,6 +133,11 @@ sudo_getentropy(void *buf, size_t len)
 	if (ret != -1)
 		return (ret);
 
+#ifdef HAVE_OPENSSL
+	if (RAND_bytes(buf, len) == 1)
+		return (0);
+#endif
+
 	ret = getentropy_sysctl(buf, len);
 	if (ret != -1)
 		return (ret);