Index: .fossil-settings/ignore-glob
==================================================================
--- .fossil-settings/ignore-glob
+++ .fossil-settings/ignore-glob
@@ -1,7 +1,10 @@
 nano.so
 nano.o
+randombytes.o
+blake2b.o
+tweetnacl.o
 nano.syms
 nano.tcl.h
 Makefile
 pkgIndex.tcl
 aclocal.m4

Index: Makefile.in
==================================================================
--- Makefile.in
+++ Makefile.in
@@ -9,27 +9,30 @@
 srcdir        := @srcdir@
 export CC CFLAGS CPPFLAGS
 
 all: @EXTENSION_TARGET@ pkgIndex.tcl
 
-@EXTENSION_TARGET@: tweetnacl.o blake2b.o nano.o Makefile
+@EXTENSION_TARGET@: tweetnacl.o blake2b.o randombytes.o nano.o Makefile
 ifeq (@TCLEXT_BUILD@,shared)
-	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) $(SHOBJLDFLAGS) -o @EXTENSION_TARGET@ nano.o tweetnacl.o blake2b.o $(LIBS)
+	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) $(SHOBJLDFLAGS) -o @EXTENSION_TARGET@ nano.o randombytes.o tweetnacl.o blake2b.o $(LIBS)
 	-@WEAKENSYMS@ @EXTENSION_TARGET@
 	-@REMOVESYMS@ @EXTENSION_TARGET@
 else
 	rm -f @EXTENSION_TARGET@
-	$(AR) rc @EXTENSION_TARGET@ nano.o blake2b.o tweetnacl.o
+	$(AR) rc @EXTENSION_TARGET@ nano.o randombytes.o blake2b.o tweetnacl.o
 	-$(RANLIB) @EXTENSION_TARGET@
 endif
 
 pkgIndex.tcl: pkgIndex.tcl-@TCLEXT_BUILD@
 	cp pkgIndex.tcl-@TCLEXT_BUILD@ pkgIndex.tcl
 
-nano.o: @srcdir@/nano.c @srcdir@/tweetnacl/tweetnacl.h @srcdir@/blake2b/blake2.h nano.tcl.h Makefile
+nano.o: @srcdir@/nano.c @srcdir@/tweetnacl/tweetnacl.h @srcdir@/blake2b/blake2.h @srcdir@/randombytes.h nano.tcl.h Makefile
 	$(CC) $(CPPFLAGS) $(CFLAGS) -o nano.o -c @srcdir@/nano.c
 
+randombytes.o: @srcdir@/randombytes.c @srcdir@/randombytes.h
+	$(CC) $(CPPFLAGS) $(CFLAGS) -o randombytes.o -c @srcdir@/randombytes.c
+
 nano.tcl.h: @srcdir@/nano.tcl Makefile
 	od -A n -v -t xC < '@srcdir@/nano.tcl' > nano.tcl.h.new.1
 	sed 's@  *@@g;s@..@0x&, @g' < nano.tcl.h.new.1 > nano.tcl.h.new.2
 	rm -f nano.tcl.h.new.1
 	mv nano.tcl.h.new.2 nano.tcl.h
@@ -43,11 +46,11 @@
 test: @EXTENSION_TARGET@
 	@srcdir@/build/test/test.tcl .
 
 clean:
 	rm -f @EXTENSION_TARGET@ nano.o
-	rm -f blake2b.o tweetnacl.o
+	rm -f blake2b.o tweetnacl.o randombytes.o
 
 distclean: clean
 	rm -f Makefile pkgIndex.tcl-shared pkgIndex.tcl-static nano.syms
 	rm -f pkgIndex.tcl
 	rm -f config.log config.status

Index: configure.ac
==================================================================
--- configure.ac
+++ configure.ac
@@ -59,10 +59,17 @@
 
 dnl Enable hardening
 AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [CFLAGS="$CFLAGS -fstack-protector-all"])
 AX_CHECK_COMPILE_FLAG([-fno-strict-overflow], [CFLAGS="$CFLAGS -fno-strict-overflow"])
 AC_DEFINE([_FORTIFY_SOURCE], [2], [Enable fortification])
+
+dnl Random number generation mechanisms
+AC_CHECK_FUNC(getrandom,, [
+	AC_CHECK_FUNC(getentropy,, [
+		AC_CHECK_FUNC(CryptGenRandom)
+	])
+])
 
 dnl Sync the RPATH if requested
 if test "$TCLEXT_BUILD" != 'static'; then
 	if test "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then
 		DC_SYNC_RPATH([no])

Index: nano.c
==================================================================
--- nano.c
+++ nano.c
@@ -3,93 +3,19 @@
 #include <string.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <tcl.h>
 
+#include "randombytes.h"
 #include "tweetnacl.h"
 #include "blake2.h"
 
 #define NANO_SECRET_KEY_LENGTH (crypto_sign_SECRETKEYBYTES - crypto_sign_PUBLICKEYBYTES)
 #define NANO_PUBLIC_KEY_LENGTH (crypto_sign_PUBLICKEYBYTES)
 #define TclNano_AttemptAlloc(x) ((void *) Tcl_AttemptAlloc(x))
 #define TclNano_Free(x) Tcl_Free((char *) x)
 
-#if defined(HAVE_GETRANDOM)
-#  ifdef HAVE_SYS_RANDOM_H
-#    include <sys/random.h>
-#  endif
-
-void randombytes(uint8_t *buffer, uint64_t length) {
-	ssize_t gr_ret;
-
-	while (length > 0) {
-		gr_ret = getrandom(buffer, length, 0);
-		if (gr_ret <= 0) {
-			continue;
-		}
-
-		buffer += gr_ret;
-		length -= gr_ret;
-	}
-
-	return;
-}
-#elif defined(HAVE_GETENTROPY)
-void randombytes(uint8_t *buffer, uint64_t length) {
-	int ge_ret;
-	int current_length;
-
-	while (length > 0) {
-		current_length = length;
-		if (current_length > 256) {
-			current_length = 256;
-		}
-
-		ge_ret = getentropy(buffer, current_length);
-		if (ge_ret != 0) {
-			continue;
-		}
-
-		buffer += current_length;
-		length -= current_length;
-	}
-
-	return;
-}
-#else
-#  ifdef HAVE_SYS_TYPES_H
-#    include <sys/types.h>
-#  endif
-#  ifdef HAVE_SYS_STAT_H
-#    include <sys/stat.h>
-#  endif
-#  ifdef HAVE_FCNTL_H
-#    include <fcntl.h>
-# endif
-void randombytes(uint8_t *buffer, uint64_t length) {
-	ssize_t read_ret;
-	int fd = -1;
-
-	while (fd < 0) {
-		fd = open("/dev/urandom", O_RDONLY);
-	}
-
-	while (length > 0) {
-		read_ret = read(fd, buffer, length);
-		if (read_ret <= 0) {
-			continue;
-		}
-
-		buffer += read_ret;
-		length -= read_ret;
-	}
-
-	close(fd);
-	return;
-}
-#endif
-
 static unsigned char *nano_parse_secret_key(Tcl_Obj *secret_key_only_obj, int *out_key_length) {
 	unsigned char *secret_key, *public_key, *secret_key_only;
 	int secret_key_length, secret_key_only_length;
 
 	secret_key_only = Tcl_GetByteArrayFromObj(secret_key_only_obj, &secret_key_only_length);

ADDED   randombytes.c
Index: randombytes.c
==================================================================
--- /dev/null
+++ randombytes.c
@@ -0,0 +1,79 @@
+#include "randombytes.h"
+
+#if defined(HAVE_GETRANDOM)
+#  ifdef HAVE_SYS_RANDOM_H
+#    include <sys/random.h>
+#  endif
+
+void randombytes(uint8_t *buffer, uint64_t length) {
+	ssize_t gr_ret;
+
+	while (length > 0) {
+		gr_ret = getrandom(buffer, length, 0);
+		if (gr_ret <= 0) {
+			continue;
+		}
+
+		buffer += gr_ret;
+		length -= gr_ret;
+	}
+
+	return;
+}
+#elif defined(HAVE_GETENTROPY)
+void randombytes(uint8_t *buffer, uint64_t length) {
+	int ge_ret;
+	int current_length;
+
+	while (length > 0) {
+		current_length = length;
+		if (current_length > 256) {
+			current_length = 256;
+		}
+
+		ge_ret = getentropy(buffer, current_length);
+		if (ge_ret != 0) {
+			continue;
+		}
+
+		buffer += current_length;
+		length -= current_length;
+	}
+
+	return;
+}
+#else
+#  ifdef HAVE_SYS_TYPES_H
+#    include <sys/types.h>
+#  endif
+#  ifdef HAVE_SYS_STAT_H
+#    include <sys/stat.h>
+#  endif
+#  ifdef HAVE_FCNTL_H
+#    include <fcntl.h>
+# endif
+# ifdef HAVE_UNISTD_H
+#    include <unistd.h>
+# endif
+void randombytes(uint8_t *buffer, uint64_t length) {
+	ssize_t read_ret;
+	int fd = -1;
+
+	while (fd < 0) {
+		fd = open("/dev/urandom", O_RDONLY);
+	}
+
+	while (length > 0) {
+		read_ret = read(fd, buffer, length);
+		if (read_ret <= 0) {
+			continue;
+		}
+
+		buffer += read_ret;
+		length -= read_ret;
+	}
+
+	close(fd);
+	return;
+}
+#endif

ADDED   randombytes.h
Index: randombytes.h
==================================================================
--- /dev/null
+++ randombytes.h
@@ -0,0 +1,2 @@
+#include <stdint.h>
+void randombytes(uint8_t *buffer, uint64_t length);