diff --git a/libgcrypt-1.8.1-getrandom.patch b/libgcrypt-1.8.1-getrandom.patch
new file mode 100644
index 0000000..c343ae6
--- /dev/null
+++ b/libgcrypt-1.8.1-getrandom.patch
@@ -0,0 +1,39 @@
+diff -up libgcrypt-1.8.1/random/rndlinux.c.getrandom libgcrypt-1.8.1/random/rndlinux.c
+--- libgcrypt-1.8.1/random/rndlinux.c.getrandom 2017-09-05 14:34:28.003872675 +0200
++++ libgcrypt-1.8.1/random/rndlinux.c 2017-12-04 09:48:38.704845838 +0100
+@@ -35,6 +35,7 @@
+ #include
+ #if defined(__linux__) && defined(HAVE_SYSCALL)
+ # include
++# include
+ #endif
+
+ #include "types.h"
+@@ -204,6 +205,16 @@ _gcry_rndlinux_gather_random (void (*add
+ {
+ if (fd_urandom == -1)
+ {
++#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
++ long ret;
++
++ _gcry_pre_syscall ();
++ ret = syscall (__NR_getrandom,
++ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
++ _gcry_post_syscall ();
++ if (ret == -1 && errno == ENOSYS)
++ /* The syscall is not supported - fallback to /dev/urandom. */
++#endif
+ fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
+ ever_opened |= 2;
+ }
+@@ -246,9 +257,7 @@ _gcry_rndlinux_gather_random (void (*add
+ _gcry_post_syscall ();
+ }
+ while (ret == -1 && errno == EINTR);
+- if (ret == -1 && errno == ENOSYS)
+- ; /* The syscall is not supported - fallback to /dev/urandom. */
+- else
++ if (1)
+ { /* The syscall is supported. Some sanity checks. */
+ if (ret == -1)
+ log_fatal ("unexpected error from getrandom: %s\n",
diff --git a/libgcrypt.spec b/libgcrypt.spec
index 229a6a8..d6639df 100644
--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@@ -1,6 +1,6 @@
 Name: libgcrypt
 Version: 1.8.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 URL: http://www.gnupg.org/
 Source0: libgcrypt-%{version}-hobbled.tar.xz
 # The original libgcrypt sources now contain potentially patented ECC
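Review bot: In the last inner hunk of the embedded rndlinux.c patch, replacing the `ENOSYS` branch with `if (1)` sends every `-1` return from that getrandom call, `ENOSYS` included, to `log_fatal`. The probe added in the previous hunk does open /dev/urandom on `ENOSYS`, but the condition guarding the later getrandom block is outside the visible hunks of `_gcry_rndlinux_gather_random`; if that block still runs once the device is open, a kernel without the syscall would abort instead of falling back to the device. I would keep the original `if (ret == -1 && errno == ENOSYS)` / `else` pair there, or confirm the block is skipped when `fd_urandom != -1`. Also, the unbraced `if` placed before `#endif` governs only the `open_device` call, so `ever_opened |= 2;` runs even when the device was not opened; a comment such as `/* ever_opened is set even when getrandom made the open unnecessary */`, or braces around both statements, would state which is intended.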
@@ -35,6 +35,8 @@ Patch18: libgcrypt-1.6.2-fips-ctor.patch
 Patch22: libgcrypt-1.7.3-fips-reqs.patch
 # Fix the t-secmem on PPC64
 Patch23: libgcrypt-1.8.0-build.patch
+# Do not try to open /dev/urandom if getrandom() works
+Patch24: libgcrypt-1.8.1-getrandom.patch
 %define gcrylibdir %{_libdir}
@@ -79,6 +81,7 @@ applications using libgcrypt.
 %patch18 -p1 -b .fips-ctor
 %patch22 -p1 -b .fips-reqs
 %patch23 -p1 -b .build
+%patch24 -p1 -b .getrandom
 cp %{SOURCE4} cipher/
 cp %{SOURCE5} %{SOURCE6} tests/
@@ -192,6 +195,9 @@ exit 0
 %license COPYING
 %changelog
+* Mon Dec 4 2017 Tomáš Mráz 1.8.1-2
+- do not try to open /dev/urandom if getrandom() works (#1380866)
+
 * Tue Sep 5 2017 Tomáš Mráz 1.8.1-1
 - new upstream version 1.8.1