diff --git a/crypto/rand_extra/urandom.c b/crypto/rand_extra/urandom.c
index f9e8069374b..58148a9dd66 100644
--- a/crypto/rand_extra/urandom.c
+++ b/crypto/rand_extra/urandom.c
@@ -352,8 +352,10 @@ static void ensure_getrandom_is_initialized(void) {
 
 static void ensure_dev_urandom_is_initialized(void) {
 
-  // On platforms where urandom doesn't block at startup, we ensure that the
-  // kernel has sufficient entropy before continuing.
+#if defined(OPENSSL_LINUX)
+  // On Linux, where urandom doesn't block at startup, we ensure that the
+  // kernel has sufficient entropy before continuing. RNDGETENTCNT and ioctl
+  // are Linux-specific (from <linux/random.h> and <sys/ioctl.h>).
   for (;;) {
     int entropy_bits = 0;
     if (ioctl(urandom_fd, RNDGETENTCNT, &entropy_bits)) {
@@ -376,6 +378,7 @@ static void ensure_dev_urandom_is_initialized(void) {
     struct timespec sleep_time = {.tv_sec = 0, .tv_nsec = MILLISECONDS_250 };
     nanosleep(&sleep_time, &sleep_time);
   }
+#endif  // OPENSSL_LINUX
 
   random_flavor_state = STATE_READY;
 }
diff --git a/include/openssl/target.h b/include/openssl/target.h
index d06f0fa9fc6..1da62e3fdf9 100644
--- a/include/openssl/target.h
+++ b/include/openssl/target.h
@@ -87,6 +87,14 @@
 #endif
 
 #if defined(__APPLE__)
+// TargetConditionals.h defines TARGET_OS_OSX, TARGET_OS_IPHONE, etc.
+// base.h includes it for C/C++, but target.h must be self-contained
+// because it can be included before base.h. In assembly contexts the
+// header is unavailable, but the TARGET_OS_* checks below will simply
+// evaluate to false, which is fine -- assembly never inspects them.
+#if !defined(__ASSEMBLER__)
+#include <TargetConditionals.h>
+#endif
 #define OPENSSL_APPLE
 // Note |TARGET_OS_MAC| is set for all Apple OS variants. |TARGET_OS_OSX|
 // targets macOS specifically.