diff --git a/CHANGES b/CHANGES
index 2e10a0f8c5ad956b8f658cb4fe51e085fcdd60a2..0bb813b7d0499da61a82b171d3999b97287f4829 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 2000]
 
+  *) Add -rand argument to smime and pkcs12 applications and read/write
+     of seed file.
+     [Steve Henson]
+
   *) New 'passwd' tool for crypt(3) and apr1 password hashes.
      [Bodo Moeller]
 
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index a54555b46778df6414914445d762d627d5a4c674..7b129029480f9ed5846b9ecaa9f1a765a0381a1c 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -114,6 +114,7 @@ int MAIN(int argc, char **argv)
     STACK *canames = NULL;
     char *cpass = NULL, *mpass = NULL;
     char *passin = NULL, *passout = NULL;
+    char *inrand = NULL;
 
     apps_startup();
 
@@ -170,6 +171,11 @@ int MAIN(int argc, char **argv)
 					badarg = 1;
 				}
 			} else badarg = 1;
+		} else if (!strcmp (*args, "-rand")) {
+		    if (args[1]) {
+			args++;	
+			inrand = *args;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-inkey")) {
 		    if (args[1]) {
 			args++;	
@@ -212,7 +218,7 @@ int MAIN(int argc, char **argv)
 			if(!(passin= getenv(*args))) {
 				BIO_printf(bio_err,
 				 "Can't read environment variable %s\n",
-								*argv);
+								*args);
 				badarg = 1;
 			}
 		    } else badarg = 1;
@@ -222,7 +228,7 @@ int MAIN(int argc, char **argv)
 			if(!(passout= getenv(*args))) {
 				BIO_printf(bio_err,
 				 "Can't read environment variable %s\n",
-								*argv);
+								*args);
 				badarg = 1;
 			}
 		    } else badarg = 1;
@@ -290,6 +296,9 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-envpassin p  environment variable containing input file pass phrase\n");
 	BIO_printf (bio_err, "-passout p    output file pass phrase\n");
 	BIO_printf (bio_err, "-envpassout p environment variable containing output file pass phrase\n");
+	BIO_printf(bio_err,  "-rand file:file:...\n");
+	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
+	BIO_printf(bio_err,  "              the random number generator\n");
     	goto end;
     }
 
@@ -306,6 +315,12 @@ int MAIN(int argc, char **argv)
 	mpass = macpass;
     }
 
+    if(export_cert || inrand) {
+    	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+        if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));
+    }
     ERR_load_crypto_strings();
 
 #ifdef CRYPTO_MDEBUG
@@ -558,6 +573,7 @@ int MAIN(int argc, char **argv)
     PKCS12_free(p12);
     ret = 0;
     end:
+    if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
 #ifdef CRYPTO_MDEBUG
     CRYPTO_remove_all_info();
 #endif
diff --git a/apps/smime.c b/apps/smime.c
index 9c84841168b88532c4f04547e80f46e886ccb08b..0d87960d69e315cd4f686e032de2fc54f7158c9e 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -102,7 +102,8 @@ int MAIN(int argc, char **argv)
 	int flags = PKCS7_DETACHED;
 	char *to = NULL, *from = NULL, *subject = NULL;
 	char *CAfile = NULL, *CApath = NULL, *passin = NULL;
-
+	char *inrand = NULL;
+	int need_rand = 0;
 	args = argv + 1;
 
 	ret = 1;
@@ -145,17 +146,27 @@ int MAIN(int argc, char **argv)
 				flags |= PKCS7_BINARY;
 		else if (!strcmp (*args, "-nosigs"))
 				flags |= PKCS7_NOSIGS;
-		else if (!strcmp(*argv,"-passin")) {
-			if (--argc < 1) badarg = 1;
-			else passin= *(++argv);
+		else if (!strcmp(*args,"-rand")) {
+			if (args[1]) {
+				args++;
+				inrand = *args;
+			} else badarg = 1;
+			need_rand = 1;
+		} else if (!strcmp(*args,"-passin")) {
+			if (args[1]) {
+				args++;
+				passin = *args;
+			} else badarg = 1;
 		} else if (!strcmp(*argv,"-envpassin")) {
-			if (--argc < 1) badarg = 1;
-			else if(!(passin= getenv(*(++argv)))) {
-				BIO_printf(bio_err,
-				 "Can't read environment variable %s\n",
-								*argv);
-				badarg = 1;
-			}
+			if (args[1]) {
+				args++;
+				if(!(passin= getenv(*args))) {
+					BIO_printf(bio_err,
+					 "Can't read environment variable %s\n",
+								*args);
+					badarg = 1;
+				}
+			} else badarg = 1;
 		} else if (!strcmp (*args, "-to")) {
 			if (args[1]) {
 				args++;
@@ -220,6 +231,7 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err, "No signer certificate specified\n");
 			badarg = 1;
 		}
+		need_rand = 1;
 	} else if(operation == SMIME_DECRYPT) {
 		if(!recipfile) {
 			BIO_printf(bio_err, "No recipient certificate and key specified\n");
@@ -230,6 +242,7 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
 			badarg = 1;
 		}
+		need_rand = 1;
 	} else if(!operation) badarg = 1;
 
 	if (badarg) {
@@ -268,10 +281,20 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
+		BIO_printf(bio_err,  "-rand file:file:...\n");
+		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err,  "               the random number generator\n");
 		BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
 		goto end;
 	}
 
+	if (need_rand) {
+		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+		if (inrand != NULL)
+			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+				app_RAND_load_files(inrand));
+	}
+
 	ret = 2;
 
 	if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
@@ -499,6 +522,8 @@ end:
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_remove_all_info();
 #endif
+	if (need_rand)
+		app_RAND_write_file(NULL, bio_err);
 	if(ret) ERR_print_errors(bio_err);
 	sk_X509_pop_free(encerts, X509_free);
 	sk_X509_pop_free(other, X509_free);
diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod
index 6a17b910b66e793c48e3c5241f8ce3a4489bd826..d8cace9d0a116f35cac4a060d6e60223698efb6d 100644
--- a/doc/apps/pkcs12.pod
+++ b/doc/apps/pkcs12.pod
@@ -41,6 +41,7 @@ B<openssl> B<pkcs12>
 [B<-envpassin var>]
 [B<-passout password>]
 [B<-envpassout var>]
+[B<-rand file(s)>]
 
 =head1 DESCRIPTION
 
@@ -253,6 +254,13 @@ option.
 This option is included for compatibility with previous versions, it used
 to be needed to use MAC iterations counts but they are now used by default.
 
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator. Multiple files can be specified separated by a OS-dependent
+character.  For MS-Windows, the separator is B<;>.  For OpenVMS, it's
+B<,>.  For all others, it's B<:>.
+
 =back
 
 =head1 NOTES
diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index b43fb6dc1ba2efa79bba530b43bf77b9ebf6ffe0..79e070d6aad55a6d323293aebd923c1896333ec5 100644
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -28,6 +28,7 @@ B<openssl> B<smime>
 [B<-from ad>]
 [B<-subject s>]
 [B<-text>]
+[B<-rand file(s)>]
 [cert.pem]...
 
 =head1 DESCRIPTION
@@ -173,6 +174,13 @@ corresponding certificate. If this option is not specified then the
 private key must be included in the certificate file specified with
 the B<-recip> or B<-signer> file.
 
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator. Multiple files can be specified separated by a OS-dependent
+character.  For MS-Windows, the separator is B<;>.  For OpenVMS, it's
+B<,>.  For all others, it's B<:>.
+
 =item B<cert.pem...>
 
 one or more certificates of message recipients: used when encrypting