diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 2945a88b9..8ea106897 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -1373,6 +1373,12 @@ int wc_FreeRng(WC_RNG* rng)
         ret = WC_HW_E;
 #endif
 
+#ifndef USE_WINDOWS_API
+    if(rng->seed.fd != 0 && rng->seed.fd != -1) {
+        close(rng->seed.fd);
+    }
+#endif
+
     return ret;
 }
 
@@ -3553,20 +3559,22 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 
 #ifndef NO_FILESYSTEM
     #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */
-        os->fd = open("/dev/urandom", O_RDONLY);
-        #if defined(DEBUG_WOLFSSL)
-            WOLFSSL_MSG("opened /dev/urandom.");
-        #endif
-        if (os->fd == -1)
-    #endif
-        {
-            /* may still have /dev/random */
-            os->fd = open("/dev/random", O_RDONLY);
-    #if defined(DEBUG_WOLFSSL)
-            WOLFSSL_MSG("opened /dev/random.");
-    #endif
+        if (os->fd == 0 || os->fd == -1) {
+            os->fd = open("/dev/urandom", O_RDONLY);
+            #if defined(DEBUG_WOLFSSL)
+                WOLFSSL_MSG("opened /dev/urandom.");
+            #endif
             if (os->fd == -1)
-                return OPEN_RAN_E;
+        #endif
+            {
+                /* may still have /dev/random */
+                os->fd = open("/dev/random", O_RDONLY);
+        #if defined(DEBUG_WOLFSSL)
+                WOLFSSL_MSG("opened /dev/random.");
+        #endif
+                if (os->fd == -1)
+                    return OPEN_RAN_E;
+            }
         }
     #if defined(DEBUG_WOLFSSL)
         WOLFSSL_MSG("rnd read...");
@@ -3590,7 +3598,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     #endif
             }
         }
-        close(os->fd);
 #else
         (void)output;
         (void)sz;