[multiple] ./configure --with-nettle to use Nettle

./configure --with-nettle to use Nettle crypto lib for algorithms,
instead of OpenSSL or wolfSSL.  Note: Nettle does not provide TLS.

x-ref:
  "How to use SHA-256 without OpenSSL?"
  https://redmine.lighttpd.net/boards/2/topics/8903

SConstruct

@@ -253,6 +253,7 @@ vars.AddVariables(
 	PackageVariable('with_mysql', 'enable mysql support', 'no'),
 	BoolVariable('with_openssl', 'enable openssl support', 'no'),
 	PackageVariable('with_wolfssl', 'enable wolfSSL support', 'no'),
+	BoolVariable('with_nettle', 'enable Nettle support', 'no'),
 	BoolVariable('with_pam', 'enable PAM auth support', 'no'),
 	PackageVariable('with_pcre', 'enable pcre support', 'yes'),
 	PackageVariable('with_pgsql', 'enable pgsql support', 'no'),
@@ -608,6 +609,14 @@ if 1:
 			LIBCRYPTO = 'wolfssl',
 		)
 
+	if env['with_nettle']:
+		if not autoconf.CheckLibWithHeader('nettle', 'nettle/nettle-types.h', 'C'):
+			fail("Couldn't find Nettle")
+		autoconf.env.Append(
+			CPPFLAGS = [ '-DHAVE_NETTLE_NETTLE_TYPES_H' ],
+			LIBCRYPTO = 'nettle',
+		)
+
 	if env['with_pam']:
 		if not autoconf.CheckLibWithHeader('pam', 'security/pam_appl.h', 'C'):
 			fail("Couldn't find pam")

configure.ac

@@ -737,6 +737,35 @@ if test "$WITH_OPENSSL" != no && test "$WITH_WOLFSSL" != no; then
   AC_MSG_ERROR([lighttpd should not be built with both --with-openssl and --with-wolfssl])
 fi
 
+dnl Check for Nettle (and overwrite CRYPTO_LIB if set by OpenSSL or wolfSSL)
+AC_MSG_NOTICE([----------------------------------------])
+AC_MSG_CHECKING([for Nettle])
+AC_ARG_WITH([nettle],
+  [AC_HELP_STRING([--with-nettle@<:@=DIR@:>@],
+    [Include Nettle support (default no)]
+  )],
+  [WITH_NETTLE=$withval],
+  [WITH_NETTLE=no]
+)
+AC_MSG_RESULT([$WITH_NETTLE])
+
+if test "$WITH_NETTLE" != no; then
+  if test "$WITH_NETTLE" != yes; then
+    CPPFLAGS="${CPPFLAGS} -I$WITH_NETTLE/include"
+    LDFLAGS="${LDFLAGS} -L$WITH_NETTLE/lib"
+  fi
+
+  AC_CHECK_HEADERS([nettle/nettle-types.h], [], [
+    AC_MSG_ERROR([nettle headers not found. install them or build without --with-nettle])
+  ])
+  AC_CHECK_LIB([nettle], [nettle_md5_init],
+    [CRYPTO_LIB="-lnettle"],
+    [AC_MSG_ERROR([nettle crypto library not found. install it or build without --with-nettle])]
+  )
+
+  AC_SUBST([CRYPTO_LIB])
+fi
+
 
 dnl pcre support
 AC_MSG_NOTICE([----------------------------------------])

meson_options.txt

@@ -63,6 +63,11 @@ option('with_mysql',
 	value: false,
 	description: 'with mysql-support for mod_vhostdb_mysql [default: off]',
 )
+option('with_nettle',
+	type: 'boolean',
+	value: false,
+	description: 'with Nettle-support [default: off]',
+)
 option('with_openssl',
 	type: 'boolean',
 	value: false,

src/CMakeLists.txt

@@ -22,6 +22,7 @@ option(WITH_PGSQL "with postgres-support for mod_vhostdb_pgsql [default: off]")
 option(WITH_DBI "with dbi-support for mod_vhostdb_dbi [default: off]")
 option(WITH_OPENSSL "with openssl-support [default: off]")
 option(WITH_WOLFSSL "with wolfSSL-support [default: off]")
+option(WITH_NETTLE "with Nettle-support [default: off]")
 option(WITH_PCRE "with regex support [default: on]" ON)
 option(WITH_WEBDAV_PROPS "with property-support for mod_webdav [default: off]")
 option(WITH_WEBDAV_LOCKS "locks in webdav [default: off]")
@@ -370,6 +371,24 @@ if(WITH_OPENSSL AND WITH_WOLFSSL)
 	message(FATAL_ERROR "lighttpd should not be built with both --with-openssl and --with-wolfssl")
 endif()
 
+if(WITH_NETTLE)
+	if(APPLE)
+		set(CMAKE_REQUIRED_INCLUDES /opt/local/include)
+	endif()
+	check_include_files(nettle/nettle-types.h HAVE_NETTLE_NETTLE_TYPES_H)
+	if(APPLE)
+		set(CMAKE_REQUIRED_INCLUDES)
+	endif()
+	if(HAVE_NETTLE_NETTLE_TYPES_H)
+		check_library_exists(nettle nettle_md5_init "" HAVE_LIBCRYPTO)
+		if(HAVE_LIBCRYPTO)
+			set(CRYPTO_LIBRARY nettle)
+		endif()
+	endif()
+else()
+	unset(HAVE_NETTLE_NETTLE_TYPES_H)
+endif()
+
 if(WITH_PCRE)
 	## if we have pcre-config, use it
 	xconfig(pcre-config PCRE_INCDIR PCRE_LIBDIR PCRE_LDFLAGS PCRE_CFLAGS)

src/algo_sha1.c

@@ -2,7 +2,7 @@
 typedef int innocuous_typedef_to_quiet_empty_translation_unit_compiler_warning;
 
 #include "sys-crypto.h"
-#ifndef USE_OPENSSL_CRYPTO
+#ifndef USE_LIB_CRYPTO
 
 #include "sys-endian.h"
 #include "algo_sha1.h"

src/algo_sha1.h

@@ -2,12 +2,32 @@
 #define INCLUDED_ALGO_SHA1_H
 #include "first.h"
 
-#include "sys-crypto.h"
-#ifdef USE_OPENSSL_CRYPTO
+#include "sys-crypto.h" /* USE_LIB_CRYPTO */
+#ifdef USE_LIB_CRYPTO
+
+#ifdef USE_NETTLE_CRYPTO
+#include <nettle/sha.h>
+#ifndef SHA_DIGEST_LENGTH
+#define SHA_DIGEST_LENGTH 20
+#endif
+typedef struct sha1_ctx SHA_CTX;
+#define SHA1_Init(ctx) \
+        sha1_init(ctx)
+#define SHA1_Final(digest, ctx) \
+        sha1_digest((ctx),sizeof(digest),(digest))
+static void
+SHA1_Update(SHA_CTX *ctx, const void *data, size_t length)
+{
+    sha1_update(ctx, length, data);
+}
+
+#elif defined(USE_OPENSSL_CRYPTO)
 
 #include <openssl/sha.h>
 
-#else
+#endif
+
+#else /* ! USE_LIB_CRYPTO */
 
 /*
  * sha.h

src/md5.c

@@ -33,10 +33,10 @@ documentation and/or software.
 #define POINTER unsigned char *
 
 #if 0 /* Note: not defined here or in lighttpd local "md5.h" */
-#include "sys-crypto.h" /* USE_OPENSSL_CRYPTO */
+#include "sys-crypto.h" /* USE_LIB_CRYPTO */
 #endif
 
-#ifndef USE_OPENSSL_CRYPTO
+#ifndef USE_LIB_CRYPTO
 #include <string.h>
 
 /* Constants for MD5Transform routine.

src/meson.build

@@ -420,6 +420,13 @@ if get_option('with_wolfssl') != 'false'
 	libcrypto += libwolfssl_includes_dep
 	conf_data.set('HAVE_WOLFSSL_SSL_H', true)
 endif
+if get_option('with_nettle') != 'false'
+	# manual search:
+	# header: nettle/nettle-types.h
+	# function: nettle_md5_init (-lnettle)
+	libcrypto = [ dependency('libnettle') ]
+	conf_data.set('HAVE_NETTLE_NETTLE_TYPES_H', true)
+endif
 
 libpcre = []
 if get_option('with_pcre')

src/mod_auth.c

@@ -6,11 +6,45 @@
 #include "http_header.h"
 #include "log.h"
 
-#include "sys-crypto.h" /* USE_OPENSSL_CRYPTO */
-#ifdef USE_OPENSSL_CRYPTO
+#include "sys-crypto.h" /* USE_LIB_CRYPTO */
+#ifdef USE_LIB_CRYPTO
+
+#if defined(USE_NETTLE_CRYPTO)
+
+#include <nettle/sha.h>
+typedef struct sha256_ctx SHA256_CTX;
+#define SHA256_Init(ctx) \
+        sha256_init(ctx)
+#define SHA256_Final(digest, ctx) \
+        sha256_digest((ctx),sizeof(digest),(digest))
+static void
+SHA256_Update(SHA256_CTX *ctx, const void *data, size_t length)
+{
+    sha256_update(ctx, length, data);
+}
+
+#ifndef SHA512_256_DIGEST_LENGTH
+#define SHA512_256_DIGEST_LENGTH 32
+#endif
+typedef struct sha512_ctx SHA512_CTX;
+#define SHA512_256_Init(ctx) \
+        sha512_256_init(ctx)
+#define SHA512_256_Final(digest, ctx) \
+        sha512_256_digest((ctx),sizeof(digest),(digest))
+static void
+SHA512_256_Update(SHA512_CTX *ctx, const void *data, size_t length)
+{
+    sha512_256_update(ctx, length, data);
+}
+
+#elif defined(USE_OPENSSL_CRYPTO)
+
 #include <openssl/sha.h>
+
 #endif
 
+#endif /* USE_LIB_CRYPTO */
+
 #include <stdlib.h>
 #include <string.h>
 
@@ -132,7 +166,7 @@ static int mod_auth_algorithm_parse(http_auth_info_t *ai, const char *s) {
         ai->dlen   = HTTP_AUTH_DIGEST_MD5_BINLEN;
         return 1;
     }
-  #ifdef USE_OPENSSL_CRYPTO
+  #ifdef USE_LIB_CRYPTO
     else if (len >= 7
              && 's' == (s[0] | 0x20)
              && 'h' == (s[1] | 0x20)
@@ -613,7 +647,7 @@ static handler_t mod_auth_check_basic(request_st * const r, void *p_d, const str
 }
 
 
-#ifdef USE_OPENSSL_CRYPTO
+#ifdef USE_LIB_CRYPTO
 
 static void mod_auth_digest_mutate_sha256(http_auth_info_t *ai, const char *m, const char *uri, const char *nonce, const char *cnonce, const char *nc, const char *qop) {
     SHA256_CTX ctx;
@@ -761,7 +795,7 @@ static void mod_auth_digest_nonce_sha512_256(buffer *b, time_t cur_ts, int rnd,
 
 #endif /* SHA512_256_DIGEST_LENGTH */
 
-#endif /* USE_OPENSSL_CRYPTO */
+#endif /* USE_LIB_CRYPTO */
 
 static void mod_auth_digest_mutate_md5(http_auth_info_t *ai, const char *m, const char *uri, const char *nonce, const char *cnonce, const char *nc, const char *qop) {
     li_MD5_CTX ctx;
@@ -839,7 +873,7 @@ static void mod_auth_digest_nonce_md5(buffer *b, time_t cur_ts, int rnd, const b
 static void mod_auth_digest_mutate(http_auth_info_t *ai, const char *m, const char *uri, const char *nonce, const char *cnonce, const char *nc, const char *qop) {
     if (ai->dalgo & HTTP_AUTH_DIGEST_MD5)
         mod_auth_digest_mutate_md5(ai, m, uri, nonce, cnonce, nc, qop);
-  #ifdef USE_OPENSSL_CRYPTO
+  #ifdef USE_LIB_CRYPTO
     else if (ai->dalgo & HTTP_AUTH_DIGEST_SHA256)
         mod_auth_digest_mutate_sha256(ai, m, uri, nonce, cnonce, nc, qop);
    #ifdef SHA512_256_DIGEST_LENGTH
@@ -864,7 +898,7 @@ static void mod_auth_append_nonce(buffer *b, time_t cur_ts, const struct http_au
         buffer_append_string_len(b, CONST_STR_LEN(":"));
     }
     switch (dalgo) {
-     #ifdef USE_OPENSSL_CRYPTO
+     #ifdef USE_LIB_CRYPTO
       #ifdef SHA512_256_DIGEST_LENGTH
       case HTTP_AUTH_DIGEST_SHA512_256:
         mod_auth_digest_nonce_sha512_256(b, cur_ts, rnd, nonce_secret);
@@ -887,7 +921,7 @@ static void mod_auth_digest_www_authenticate(buffer *b, time_t cur_ts, const str
     int algoid[3];
     unsigned int algolen[3];
     const char *algoname[3];
-  #ifdef USE_OPENSSL_CRYPTO
+  #ifdef USE_LIB_CRYPTO
    #ifdef SHA512_256_DIGEST_LENGTH
     if (algos & HTTP_AUTH_DIGEST_SHA512_256) {
         algoid[n] = HTTP_AUTH_DIGEST_SHA512_256;

src/mod_authn_file.c

@@ -14,11 +14,59 @@
 # define HAVE_CRYPT
 #endif
 
-#include "sys-crypto.h"
-#ifdef USE_OPENSSL_CRYPTO
+#include "sys-crypto.h" /* USE_LIB_CRYPTO */
+#ifdef USE_LIB_CRYPTO
+
+#if defined(USE_NETTLE_CRYPTO)
+
+#include <nettle/md4.h>
+#include <nettle/sha.h>
+
+typedef struct md4_ctx MD4_CTX;
+#define MD4_Init(ctx) \
+        md4_init(ctx)
+#define MD4_Final(digest, ctx) \
+        md4_digest((ctx),sizeof(digest),(digest))
+static void
+MD4_Update(MD4_CTX *ctx, const void *data, size_t length)
+{
+    md4_update(ctx, length, data);
+}
+
+typedef struct sha256_ctx SHA256_CTX;
+#define SHA256_Init(ctx) \
+        sha256_init(ctx)
+#define SHA256_Final(digest, ctx) \
+        sha256_digest((ctx),sizeof(digest),(digest))
+static void
+SHA256_Update(SHA256_CTX *ctx, const void *data, size_t length)
+{
+    sha256_update(ctx, length, data);
+}
+
+#ifndef SHA512_256_DIGEST_LENGTH
+#define SHA512_256_DIGEST_LENGTH 32
+#endif
+typedef struct sha512_ctx SHA512_CTX;
+#define SHA512_256_Init(ctx) \
+        sha512_256_init(ctx)
+#define SHA512_256_Final(digest, ctx) \
+        sha512_256_digest((ctx),sizeof(digest),(digest))
+static void
+SHA512_256_Update(SHA512_CTX *ctx, const void *data, size_t length)
+{
+    sha512_256_update(ctx, length, data);
+}
+
+#elif defined(USE_OPENSSL_CRYPTO)
+
 #include <openssl/md4.h>
+#include <openssl/sha.h>
+
 #endif
 
+#endif /* USE_LIB_CRYPTO */
+
 #include "safe_memclear.h"
 /*(htpasswd)*/
 
@@ -159,7 +207,7 @@ SETDEFAULTS_FUNC(mod_authn_file_set_defaults) {
 
 
 
-#ifdef USE_OPENSSL_CRYPTO
+#ifdef USE_LIB_CRYPTO
 
 static void mod_authn_file_digest_sha256(http_auth_info_t *ai, const char *pw, size_t pwlen) {
     SHA256_CTX ctx;
@@ -202,7 +250,7 @@ static void mod_authn_file_digest(http_auth_info_t *ai, const char *pw, size_t p
 
     if (ai->dalgo & HTTP_AUTH_DIGEST_MD5)
         mod_authn_file_digest_md5(ai, pw, pwlen);
-  #ifdef USE_OPENSSL_CRYPTO
+  #ifdef USE_LIB_CRYPTO
     else if (ai->dalgo & HTTP_AUTH_DIGEST_SHA256)
         mod_authn_file_digest_sha256(ai, pw, pwlen);
    #ifdef SHA512_256_DIGEST_LENGTH
@@ -644,7 +692,7 @@ static handler_t mod_authn_file_htpasswd_basic(request_st * const r, void *p_d,
             crypt_tmp_data.initialized = 0;
             #endif
            #endif
-           #ifdef USE_OPENSSL_CRYPTO /* (for MD4_*() (e.g. MD4_Update())) */
+           #ifdef USE_LIB_CRYPTO /*(for MD4_*() (e.g. MD4_Update()))*/
            #ifndef NO_MD4 /*(e.g. wolfSSL built without MD4)*/
             if (0 == memcmp(password->ptr, CONST_STR_LEN("$1+ntlm$"))) {
                 /* CRYPT-MD5-NTLM algorithm

src/mod_secdownload.c

@@ -12,10 +12,14 @@
 #include <string.h>
 
 #include "sys-crypto.h"
-#ifdef USE_OPENSSL_CRYPTO
+#ifdef USE_LIB_CRYPTO
+#if defined(USE_NETTLE_CRYPTO)
+#include <nettle/hmac.h>
+#elif defined(USE_OPENSSL_CRYPTO)
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #endif
+#endif
 
 #include "md5.h"
 
@@ -177,11 +181,17 @@ static int secdl_verify_mac(plugin_config *config, const char* protected_path, c
 			return const_time_memeq((char *)HA1, (char *)md5bin, sizeof(md5bin));
 		}
 	case SECDL_HMAC_SHA1:
-#ifdef USE_OPENSSL_CRYPTO
+#ifdef USE_LIB_CRYPTO
 		{
 			unsigned char digest[20];
 			char base64_digest[27];
 
+		  #if defined(USE_NETTLE_CRYPTO)
+			struct hmac_sha1_ctx ctx;
+			hmac_sha1_set_key(&ctx, buffer_string_length(config->secret), (const uint8_t *)config->secret->ptr);
+			hmac_sha1_update(&ctx, strlen(protected_path), (const uint8_t *)protected_path);
+			hmac_sha1_digest(&ctx, sizeof(digest), (uint8_t *)digest);
+		  #elif defined(USE_OPENSSL_CRYPTO)
 			if (NULL == HMAC(
 					EVP_sha1(),
 					(unsigned char const*) config->secret->ptr, buffer_string_length(config->secret),
@@ -191,6 +201,9 @@ static int secdl_verify_mac(plugin_config *config, const char* protected_path, c
 				  "hmac-sha1: HMAC() failed");
 				return 0;
 			}
+		  #else
+		  #error "unexpected; crypto lib not configured for use by mod_secdownload"
+		  #endif
 
 			li_to_base64_no_padding(base64_digest, 27, digest, 20, BASE64_URL);
 
@@ -199,11 +212,17 @@ static int secdl_verify_mac(plugin_config *config, const char* protected_path, c
 #endif
 		break;
 	case SECDL_HMAC_SHA256:
-#ifdef USE_OPENSSL_CRYPTO
+#ifdef USE_LIB_CRYPTO
 		{
 			unsigned char digest[32];
 			char base64_digest[43];
 
+		  #if defined(USE_NETTLE_CRYPTO)
+			struct hmac_sha256_ctx ctx;
+			hmac_sha256_set_key(&ctx, buffer_string_length(config->secret), (const uint8_t *)config->secret->ptr);
+			hmac_sha256_update(&ctx, strlen(protected_path), (const uint8_t *)protected_path);
+			hmac_sha256_digest(&ctx, sizeof(digest), (uint8_t *)digest);
+		  #elif defined(USE_OPENSSL_CRYPTO)
 			if (NULL == HMAC(
 					EVP_sha256(),
 					(unsigned char const*) config->secret->ptr, buffer_string_length(config->secret),
@@ -213,6 +232,9 @@ static int secdl_verify_mac(plugin_config *config, const char* protected_path, c
 				  "hmac-sha256: HMAC() failed");
 				return 0;
 			}
+		  #else
+		  #error "unexpected; crypto lib not configured for use by mod_secdownload"
+		  #endif
 
 			li_to_base64_no_padding(base64_digest, 43, digest, 32, BASE64_URL);
 
@@ -236,7 +258,7 @@ static int mod_secdownload_parse_algorithm(config_plugin_value_t * const cpv, lo
         log_error(errh, __FILE__, __LINE__,
           "invalid secdownload.algorithm: %s", cpv->v.b->ptr);
         return 0;
-     #ifndef USE_OPENSSL_CRYPTO
+     #ifndef USE_LIB_CRYPTO
       case SECDL_HMAC_SHA1:
       case SECDL_HMAC_SHA256:
         log_error(errh, __FILE__, __LINE__,

src/rand.c

@@ -13,7 +13,13 @@
 #include <time.h>
 #include <unistd.h>
 
-#include "sys-crypto.h"
+#include "sys-crypto.h" /* USE_LIB_CRYPTO */
+#ifdef USE_NETTLE_CRYPTO
+#undef USE_OPENSSL_CRYPTO
+#include <nettle/knuth-lfib.h>
+#include <nettle/arcfour.h>
+#include <nettle/yarrow.h>
+#endif
 #ifdef USE_OPENSSL_CRYPTO
 #include <openssl/opensslv.h> /* OPENSSL_VERSION_NUMBER */
 #include <openssl/rand.h>
@@ -126,6 +132,39 @@ static int li_rand_device_bytes (unsigned char *buf, int num)
 
 static int li_rand_inited;
 static unsigned short xsubi[3];
+#ifdef USE_NETTLE_CRYPTO
+static struct knuth_lfib_ctx knuth_lfib_ctx;
+static struct arcfour_ctx    arcfour_ctx;
+static struct yarrow256_ctx  yarrow256_ctx;
+#endif
+
+#ifdef USE_NETTLE_CRYPTO
+/* adapted from Nettle documentation arcfour_set_key_hashed() in nettle.pdf */
+/* A more robust key setup function for ARCFOUR */
+static void
+li_arcfour_init_random_key_hashed(struct arcfour_ctx *ctx)
+{
+    uint8_t key[ARCFOUR_KEY_SIZE];
+    const size_t length = sizeof(key);
+    if (1 != li_rand_device_bytes(key, (int)sizeof(key))) {
+        log_failed_assert(__FILE__, __LINE__,
+                          "gathering entropy for arcfour seed failed");
+    }
+    memset(ctx, 0, sizeof(*ctx));
+
+    struct sha256_ctx hash;
+    uint8_t digest[SHA256_DIGEST_SIZE];
+    uint8_t buf[0x200];
+    memset(buf, 0, sizeof(buf));
+    sha256_init(&hash);
+    sha256_update(&hash, length, key);
+    sha256_digest(&hash, SHA256_DIGEST_SIZE, digest);
+    nettle_arcfour_set_key(ctx, SHA256_DIGEST_SIZE, digest);
+    nettle_arcfour_crypt(ctx, sizeof(buf), buf, buf);
+    nettle_arcfour_crypt(ctx, sizeof(buf), buf, buf);
+    nettle_arcfour_crypt(ctx, sizeof(buf), buf, buf);
+}
+#endif
 
 static void li_rand_init (void)
 {
@@ -158,6 +197,11 @@ static void li_rand_init (void)
   #ifdef HAVE_SRANDOM
     srandom(u); /*(initialize just in case random() used elsewhere)*/
   #endif
+  #ifdef USE_NETTLE_CRYPTO
+    nettle_knuth_lfib_init(&knuth_lfib_ctx, u);
+    nettle_yarrow256_init(&yarrow256_ctx, 0, NULL);
+    li_arcfour_init_random_key_hashed(&arcfour_ctx);
+  #endif
   #ifdef USE_OPENSSL_CRYPTO
     RAND_poll();
     RAND_seed(xsubi, (int)sizeof(xsubi));
@@ -180,6 +224,11 @@ int li_rand_pseudo (void)
   #endif
   #endif
     if (!li_rand_inited) li_rand_init();
+  #ifdef USE_NETTLE_CRYPTO
+    int i = (int)nettle_knuth_lfib_get(&knuth_lfib_ctx);
+    nettle_arcfour_crypt(&arcfour_ctx, sizeof(i), (uint8_t *)&i, (uint8_t *)&i);
+    if (i) return i; /*(cond to avoid compiler warning for code after return)*/
+  #endif
   #ifdef HAVE_ARC4RANDOM_BUF
     return (int)arc4random();
   #elif defined(HAVE_SRANDOM)
@@ -203,6 +252,21 @@ void li_rand_pseudo_bytes (unsigned char *buf, int num)
 
 int li_rand_bytes (unsigned char *buf, int num)
 {
+  #ifdef USE_NETTLE_CRYPTO
+  #if 0 /* not implemented: periodic nettle_yarrow256_update() and reseed */
+    if (!nettle_yarrow256_is_seeded(&yarrow256_ctx)) {
+        uint8_t seed_file[YARROW256_SEED_FILE_SIZE];
+        if (1 == li_rand_device_bytes((unsigned char *)seed_file,
+                                      (int)sizeof(seed_file))) {
+            nettle_yarrow256_seed(&yarrow256_ctx, sizeof(seed_file), seed_file);
+        }
+    }
+    if (nettle_yarrow256_is_seeded(&yarrow256_ctx)) {
+        nettle_yarrow256_random(&yarrow256_ctx, (size_t)num, (uint8_t *)buf);
+        return 1;
+    }
+  #endif
+  #endif
   #ifdef USE_OPENSSL_CRYPTO
     int rc = RAND_bytes(buf, num);
     if (-1 != rc) {

src/sys-crypto.h

@@ -3,10 +3,12 @@
 #include "first.h"
 
 #if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
+#define USE_LIB_CRYPTO
 #define USE_OPENSSL_CRYPTO
 #endif
 
 #ifdef HAVE_WOLFSSL_SSL_H
+#define USE_LIB_CRYPTO
 #define USE_OPENSSL_CRYPTO
 /* wolfSSL needs to be built with ./configure --enable-lighty for lighttpd.
  * Doing so defines OPENSSL_EXTRA and HAVE_LIGHTY in <wolfssl/options.h>, and
@@ -16,4 +18,9 @@
 #include <wolfssl/options.h>
 #endif
 
+#ifdef HAVE_NETTLE_NETTLE_TYPES_H
+#define USE_LIB_CRYPTO
+#define USE_NETTLE_CRYPTO
+#endif
+
 #endif