diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c
index e5f2319720..3f3ba0267a 100644
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@@ -330,23 +330,5 @@ int
 virCryptoGenerateRandom(unsigned char *buf,
                         size_t buflen)
 {
-#if WITH_GNUTLS
-    int rv;
-
-    /* Generate the byte stream using gnutls_rnd() if possible */
-    if ((rv = gnutls_rnd(GNUTLS_RND_RANDOM, buf, buflen)) < 0) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("failed to generate byte stream: %s"),
-                       gnutls_strerror(rv));
-        return -1;
-    }
-#else
-    /* If we don't have gnutls_rnd(), we will generate a less cryptographically
-     * strong master buf from /dev/urandom.
-     */
-    if (virRandomBytes(buf, buflen) < 0)
-        return -1;
-#endif
-
-    return 0;
+    return virRandomBytes(buf, buflen);
 }
diff --git a/src/util/virrandom.c b/src/util/virrandom.c
index 230745d311..444b0f9802 100644
--- a/src/util/virrandom.c
+++ b/src/util/virrandom.c
@@ -29,6 +29,10 @@
 #include <fcntl.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#ifdef WITH_GNUTLS
+# include <gnutls/gnutls.h>
+# include <gnutls/crypto.h>
+#endif
 
 #include "virrandom.h"
 #include "virthread.h"
@@ -175,6 +179,19 @@ int
 virRandomBytes(unsigned char *buf,
                size_t buflen)
 {
+#if WITH_GNUTLS
+    int rv;
+
+    /* Generate the byte stream using gnutls_rnd() if possible */
+    if ((rv = gnutls_rnd(GNUTLS_RND_RANDOM, buf, buflen)) < 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("failed to generate byte stream: %s"),
+                       gnutls_strerror(rv));
+        return -1;
+    }
+
+#else /* !WITH_GNUTLS */
+
     int fd;
 
     if ((fd = open(RANDOM_SOURCE, O_RDONLY)) < 0) {
@@ -200,6 +217,7 @@ virRandomBytes(unsigned char *buf,
     }
 
     VIR_FORCE_CLOSE(fd);
+#endif /* !WITH_GNUTLS */
 
     return 0;
 }